about rule in FWSM

Unanswered Question
Oct 16th, 2007
User Badges:

Hi all,

I confuse about configuring rule in FWSM,


I use Catalyst 6513 + FWSM, I configure one rule:


Source Dest Service

10.20.4.0/27 any IP


that means I have 32 address from 1 to 32 to connect to any with service IP. But when I test, I only configure from 1 to 31, IP 32 can't connnect to any. If you know why, please answer me early.

Thank you very much.


Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 10/16/2007 - 22:26
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


This is because .32 is not part of your 10.20.4.0/27 subnet. Think of it like this.


/27 = 255.255.255.224


256 - 224 = 32 so your subnets go up in 32's eg.


Ist subnet = 10.20.4.0 255.255.255.224

2nd subnet = 10.20.4.32 255.255.255.224

3rd subnet = 10.20.4.64 255.255.255.224

etc...


So .32 is the network address of the next subnet.


Just for completeness you shouldn't really use .31 as an IP address of a host either as this is the broadcast address for the 10.20.4.0/27 subnet.


HTH


Jon

Actions

This Discussion