Blacklists: ASA5510 / botnet filter

congressgroup
Level 1

I am testing IP blacklists through the botnet filter.

If I try to add:

62.5.128.0/17

to the blacklist, I get the error message 'The netmask is not valid'. Can anyone explain that? I mean, that is a valid netmask, is it not?

**Oops. Misposted in wrong forum. I will repost in security forum. Sorry.**

3 Replies

Yudong Wu
Level 7

Can you try to use "255.255.128.0" instead of "/17"?

No, it will not take that format. It specifically calls (through ASDM, that is) for

1) hostname

2) specific IP

3) net mask in 10.10.20.0/24 format.

I am starting to think it will only take masks on major octets, like /8, /16 and /24, and the corresponding octets must be zero.

It will take:

62.5.0.0/16

or:

62.5.128.0/24

but not:

62.5.128.0/17

Can you try the command line to see if you can do it?

I checked the command reference and did not see it specify this limitation.

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668380
