Using wildcards with access lists in the ASA

Unanswered Question
May 29th, 2008

I have about 450 remote locations, and I want to give an outside vendor access to one host at each location. Each host's IP starts with 40 and ends with 125, for example 40.0.4.125. I would need it for the entire class A. Is there a way to use wildcards or filters so I don't have to have 450 lines of code to do this?

srue Thu, 05/29/2008 - 11:06

e.g. permit ip w.x.y.z x.x.x.x 40.0.0.125 0.255.255.0

bboett Thu, 05/29/2008 - 11:18

I got this error when I tried this.

access-list test permit tcp 198.16.31.0 255.255.255.0 40.0.0.125 0.255.255.0

ERROR: IP address,mask <40.0.0.125,0.255.255.0> doesn't pair

Usage:

srue Thu, 05/29/2008 - 11:42

Whoops. I guess I didn't read the title of your post well enough. Yeah, the ASA doesn't support that, at least I don't think so.

Try the normal ASA style of ACLs (reverse the 255s and 0s).

bboett Thu, 05/29/2008 - 12:06

It took this statement but it will not allow traffic to those hosts. It does not show any details in the log as to why.

access-list TEST extended permit ip 192.168.33.0 255.255.255.0 40.0.0.125 255.0.0.255

srue Thu, 05/29/2008 - 14:21

Is the address 192.168.33.0 correct? That's a private address, and although you didn't specifically state it, it appears as if this is going over the public Internet, in which case that address might be wrong, depending on your network setup.

Did you apply the ACL with the access-group command?

bboett Thu, 05/29/2008 - 14:49

Sorry, I should have stated those are not my real IP addresses. Yes, I applied this.
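Added example, not part of the original thread: a Python sketch that checks whether the masks tried above are contiguous, shows what the IOS-style wildcard `0.255.255.0` would have matched, and generates an explicit `object-group network` so the ACL itself stays one line. It assumes the ASA only matches on contiguous netmasks (as the error and the failed `255.0.0.255` attempt suggest) and that each site is a /24; the site list, the group name `VENDOR-HOSTS`, and the function names are constructed for illustration.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def is_contiguous_netmask(mask):
    """True when the mask is 1-bits followed only by 0-bits (e.g. 255.255.255.0)."""
    inverted = ~_u32(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def wildcard_matches(addr, base, wildcard):
    """IOS-style wildcard match: 1-bits in the wildcard are 'don't care'."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def vendor_hosts(site_subnets, last_octet=125):
    """Return the .125 host of each site /24, rejecting anything outside 40.0.0.0/8."""
    class_a = ipaddress.ip_network("40.0.0.0/8")
    hosts = []
    for subnet in site_subnets:
        net = ipaddress.ip_network(subnet)
        if net.prefixlen != 24 or not net.subnet_of(class_a):
            raise ValueError(f"unexpected site subnet: {subnet}")
        hosts.append(net.network_address + last_octet)
    return hosts

def asa_config(group, acl, src_net, src_mask, hosts):
    """Build an object-group with one host entry per site and a single ACL line."""
    lines = [f"object-group network {group}"]
    lines += [f" network-object host {h}" for h in hosts]
    lines.append(f"access-list {acl} extended permit ip "
                 f"{src_net} {src_mask} object-group {group}")
    return "\n".join(lines)

# Constructed sample sites (assumption: real data would come from an inventory export).
SITES = ["40.0.4.0/24", "40.1.17.0/24", "40.200.9.0/24"]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.0.0.255", "0.255.255.0"):
        state = "contiguous" if is_contiguous_netmask(mask) else "NOT contiguous"
        print(f"{mask}: {state}")
    # Source network and ACL name are the placeholder values used in the thread.
    print(asa_config("VENDOR-HOSTS", "TEST", "192.168.33.0", "255.255.255.0",
                     vendor_hosts(SITES)))
```

The object-group still holds one entry per site, but it can be regenerated from the site inventory, and each permitted host is explicit and auditable instead of implied by a mask.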
