05-29-2008 04:16 AM
I have about 450 remote locations, and I want to give an outside vendor access to one host at each location. Each host starts with 40 and ends with 125 as the IP, for example 40.0.4.125. I would need it for the entire class A. Is there a way to use wildcards or filters so I don't have to have 450 lines of code to do this?
05-29-2008 11:06 AM
e.g. permit ip w.x.y.z x.x.x.x 40.0.0.125 0.255.255.0
05-29-2008 11:18 AM
I get this error when I tried this.
access-list test permit tcp 198.16.31.0 255.255.255.0 40.0.0.125 0.255.255.0
ERROR: IP address,mask <40.0.0.125,0.255.255.0> doesn't pair
Usage:
05-29-2008 11:29 AM
What sort of device?
05-29-2008 11:31 AM
Cisco ASA 5510
05-29-2008 11:42 AM
Whoops. I guess I didn't read the title of your post well enough. Yeah, the ASA doesn't support that, at least I don't think so.
Try the normal ASA style of ACLs (reverse the 255s and 0s).
05-29-2008 12:06 PM
It took this statement but it will not allow traffic to those hosts. It does not show any details in the log as to why.
access-list TEST extended permit ip 192.168.33.0 255.255.255.0 40.0.0.125 255.0.0.255
05-29-2008 02:21 PM
Is the address 192.168.33.0 correct? That's a private address, and although you didn't specifically state it, it appears this is going over the public internet, in which case that address might be wrong, depending on your network setup.
Did you apply the ACL with the access-group command?
05-29-2008 02:49 PM
Sorry, I should have stated those are not my real IP addresses. Yes, I applied this.
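Added example, not part of the thread: the bit arithmetic behind the two mask styles tried above, so an entry's scope can be checked offline before it is applied. It models the matching only, not how any ASA release evaluates a discontiguous mask, and it assumes the "doesn't pair" error means the address has bits set outside the mask; all function names are made up for this sketch.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, pattern, wildcard):
    """IOS-style wildcard: a 1 bit means 'ignore this bit'."""
    care = ~to_int(wildcard) & FULL
    return (to_int(addr) & care) == (to_int(pattern) & care)

def netmask_match(addr, pattern, mask):
    """Netmask style: a 1 bit means 'compare this bit'."""
    m = to_int(mask)
    return (to_int(addr) & m) == (to_int(pattern) & m)

def pairs_with_netmask(pattern, mask):
    """Assumed meaning of 'doesn't pair': address bits set outside the mask."""
    return (to_int(pattern) & ~to_int(mask) & FULL) == 0

def addresses_covered(mask):
    """How many addresses a single entry with this netmask matches."""
    return 2 ** (32 - bin(to_int(mask)).count("1"))

if __name__ == "__main__":
    # Address/mask pairs taken from the thread; test hosts are constructed.
    print(pairs_with_netmask("40.0.0.125", "0.255.255.0"))   # rejected pair
    print(pairs_with_netmask("40.0.0.125", "255.0.0.255"))   # accepted pair
    for host in ("40.0.4.125", "40.0.4.126", "41.0.4.125"):
        print(host, netmask_match(host, "40.0.0.125", "255.0.0.255"))
    # Scope check: one entry covers every 40.x.y.125, not only 450 sites.
    print(addresses_covered("255.0.0.255"))
```

The last figure is the one to weigh against the requirement: a single masked entry opens every 40.x.y.125 address to the vendor, where an object-group listing the 450 hosts would open only those.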