using wildcards with access lists in the asa

bboett
Level 4

I have about 450 remote locations that I want to give an outside vendor access to one host at each location. Each host starts with 40 and ends with 125 as the IP, example 40.0.4.125. I would need it for the entire class A. Is there a way to use wildcards or filters so I don't have to have 450 lines of code to do this?

8 Replies

srue
Level 7

e.g. permit ip w.x.y.z x.x.x.x 40.0.0.125 0.255.255.0

I get this error when I tried this.

access-list test permit tcp 198.16.31.0 255.255.255.0 40.0.0.125 0.255.255.0

ERROR: IP address,mask <40.0.0.125,0.255.255.0> doesn't pair

Usage:

What sort of device?

Cisco ASA 5510

Whoops. I guess I didn't read the title of your post well enough. Yeah, the ASA doesn't support that, at least I don't think so.

Try the normal ASA style of ACLs (reverse the 255s and 0s)

It took this statement but it will not allow traffic to those hosts. It does not show any details in the log as to why.

access-list TEST extended permit ip 192.168.33.0 255.255.255.0 40.0.0.125 255.0.0.255

Is the address 192.168.33.0 correct? That's a private address, and although you didn't specifically state, it appears as this is going over the public internet, in which case that address might be wrong, depending on your network setup.

Did you apply the ACL with the access-group command?

Sorry, I should have stated those are not my real IP addresses. Yes, I applied this.
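
The two mask readings that come up in this thread, as an added example that is not part of any post above: a Python sketch contrasting the IOS-style wildcard (1 bits are ignored) with a netmask (1 bits must match), using the addresses quoted in the thread. The `pairs` function is an assumed model of the "doesn't pair" check (address bits set where the mask is 0); all function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(ip, base, wildcard):
    """IOS-style wildcard: 1 bits are 'don't care', 0 bits must equal base."""
    care = ~to_int(wildcard) & ALL_ONES
    return (to_int(ip) & care) == (to_int(base) & care)

def netmask_match(ip, base, netmask):
    """Netmask style: 1 bits must equal base, 0 bits are ignored."""
    care = to_int(netmask)
    return (to_int(ip) & care) == (to_int(base) & care)

def pairs(address, netmask):
    """Assumed model of the pairing check: no address bit set where mask is 0."""
    return (to_int(address) & to_int(netmask)) == to_int(address)

def is_contiguous(netmask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverse = ~to_int(netmask) & ALL_ONES
    return (inverse & (inverse + 1)) == 0

if __name__ == "__main__":
    # Wildcard reading of the first suggestion: any 40.x.y.125 matches.
    for host in ("40.0.4.125", "40.0.4.126", "41.0.4.125"):
        print(host, wildcard_match(host, "40.0.0.125", "0.255.255.0"))

    # Read as netmasks, as typed in the two access-list lines in the thread.
    for mask in ("0.255.255.0", "255.0.0.255", "255.255.255.0"):
        print(mask,
              "pairs with 40.0.0.125:", pairs("40.0.0.125", mask),
              "contiguous:", is_contiguous(mask))
```

A mask that is not contiguous cannot be written as a single prefix length, so whatever a device does with an accepted entry of that kind should be confirmed with test traffic and hit counters rather than assumed.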
