Using wildcards with access lists in the ASA

May 29th, 2008

I have about 450 remote locations, and I want to give an outside vendor access to one host at each location. Each host starts with 40 and ends with 125 as the IP, example I would need it for the entire class A. Is there a way to use wildcards or filters so I don't have to have 450 lines of code to do this?

srue Thu, 05/29/2008 - 11:06

e.g. permit ip w.x.y.z x.x.x.x

bboett Thu, 05/29/2008 - 11:18

I get this error when I tried this.

access-list test permit tcp

ERROR: IP address,mask <,> doesn't pair


srue Thu, 05/29/2008 - 11:29

What sort of device?

srue Thu, 05/29/2008 - 11:42

Whoops. I guess I didn't read the title of your post well enough. Yeah, the ASA doesn't support that, at least I don't think so.

Try the normal ASA style of ACLs (reverse the 255's and 0's).

bboett Thu, 05/29/2008 - 12:06

It took this statement but it will not allow traffic to those hosts. It does not show any details in the log as to why.

access-list TEST extended permit ip

srue Thu, 05/29/2008 - 14:21

Is the address correct? That's a private address, and although you didn't specifically state, it appears as this is going over the public internet, in which case that address might be wrong, depending on your network setup.

Did you apply the ACL with the access-group command?

bboett Thu, 05/29/2008 - 14:49

Sorry, should have stated those are not my real IP addresses. Yes, I applied this.
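
The mask arithmetic behind this thread, as an added example that is not part of the original posts: it inverts a wildcard mask into a netmask, checks whether address and mask pair, and tests mask contiguity. The 10.x.y.125 addresses are constructed, and the two checks in `diagnose` are an assumption about what the ASA enforces (netmask-style, contiguous masks, with no address bits set outside the mask).

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def invert(mask):
    """Flip every bit: IOS wildcard mask <-> netmask ("reverse the 255's and 0's")."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ FULL))

def is_contiguous(netmask):
    """True when the netmask is a run of 1-bits followed only by 0-bits."""
    host_bits = to_int(netmask) ^ FULL
    return (host_bits & (host_bits + 1)) == 0

def pairs(address, netmask):
    """True when the address has no bits set where the netmask is 0."""
    return (to_int(address) & (to_int(netmask) ^ FULL)) == 0

def matches(candidate, address, netmask):
    """Compare candidate and address only on the bits where the netmask is 1."""
    m = to_int(netmask)
    return (to_int(candidate) & m) == (to_int(address) & m)

def diagnose(address, netmask):
    """Assumed ASA-side checks (not taken from the thread): pairing, then contiguity."""
    if not pairs(address, netmask):
        return "address and mask do not pair"
    if not is_contiguous(netmask):
        return "discontiguous mask"
    return "ok"

if __name__ == "__main__":
    # Constructed pattern: one host per site, first octet 10 and last octet 125.
    pattern, wildcard = "10.0.0.125", "0.255.255.0"
    netmask = invert(wildcard)
    print(netmask, "->", diagnose(pattern, netmask))
    # Same host address against a plain /8: host bits fall outside the mask.
    print("255.0.0.0 ->", diagnose(pattern, "255.0.0.0"))
    # Widening to a contiguous /8 pairs cleanly but matches every host in it.
    print(diagnose("10.0.0.0", "255.0.0.0"),
          matches("10.17.4.126", "10.0.0.0", "255.0.0.0"))
```

The last line shows the least-privilege cost of falling back to a contiguous mask: it matches every address in the range, not just the one vendor host per site.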

