access-list for 255.255.248 subnet

Answered Question
Mar 12th, 2010

Hi

I am in the process of changing my subnet mask from 192.168.0.0/24 to 192.168.0.0/21 bit due to a shortage of IP addresses.

I am stuck at the Cisco 2811 router as I don't know exactly which access-list I need to apply.

Below is my current access-list:

access-list 1 remark SDM_ACL Category=2
access-list 1 permit 2xx.xx.1xx.1xx 0.0.0.7
access-list 100 remark SDM_ACL Category=1
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 2xx.1xx.2xx.xx 0.0.0.3 host xx.xx.xx.xx
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 130 deny   ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.31
access-list 130 deny   ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 130 permit ip 192.168.6.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.0.248 any
access-list 199 permit ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255

Please advise

Thanks

Correct Answer
Aaron Harrison Fri, 03/12/2010 - 10:38

192.168.0.0/21 = 192.168.0.0 0.0.7.255

Regards

Aaron

Please rate helpful posts..

Jon Marshall Fri, 03/12/2010 - 11:31

If you want to work these out in future -

255.255.248.0

with a reverse mask 255 = 0 so

255.255.  = 0.0.


0 = 255

so

255.255.248.0  = 0.0.x.255

To work out what value to use for the 3rd octet, i.e. 248, subtract 248 from 255, so

255 - 248 = 7

so full mask =  0.0.7.255

another example  255.192.0.0

255 = 0

0 = 255

so 0.x.255.255

to get x

255 - 192 = 63

so full mask = 0.63.255.255

Jon

visteknetworking Wed, 03/17/2010 - 11:43

Thank you for the note.

I have noticed that I can't access the LAN through VPN after changing to the subnet as described in the post above.

I understand that it's related to the access-list once again and, based on your explanation, I tried to change it, but no luck so far.

I was wondering if it is possible to let me know how it can be fixed.

ip local pool ippool 192.168.6.2 192.168.6.25

access-lists

access-list 1 remark SDM_ACL Category=2
access-list 1 permit 2xx.xx.1xxx.1xx 0.0.0.7
access-list 100 remark SDM_ACL Category=1
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 2xx.1xx.2xx.xx 0.0.0.3 host 6x.xx.xx.xx
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 130 deny   ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.31
access-list 130 deny   ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 130 permit ip 192.168.6.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.7.255 any
access-list 130 deny   ip 192.168.0.0 0.0.7.255 192.168.6.0 0.0.0.31
access-list 199 permit ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 199 permit ip 192.168.0.0 0.0.7.255 192.168.6.0 0.0.0.255

route-map nonat permit 10
match ip address 130
match interface Serial0/1/0

Thank you
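
The subtraction rule from Jon's reply, combined with the first-match order in which IOS evaluates ACL entries, applied to the ACL 130 and 199 entries from the post above. This is an added Python example, not code from any poster; the helper names (`wildcard`, `superset`, `audit`) are illustrative.

```python
import ipaddress

# ACL 130/199 entries as posted in the thread's last message (whitespace normalised)
ACL = """\
access-list 130 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.31
access-list 130 deny ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 130 permit ip 192.168.6.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.0.255 any
access-list 130 permit ip 192.168.0.0 0.0.7.255 any
access-list 130 deny ip 192.168.0.0 0.0.7.255 192.168.6.0 0.0.0.31
access-list 199 permit ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 199 permit ip 192.168.0.0 0.0.7.255 192.168.6.0 0.0.0.255
""".splitlines()

def wildcard(netmask):
    """Jon's rule: subtract every netmask octet from 255."""
    return ".".join(str(255 - int(o)) for o in netmask.split("."))

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def operand(tok):
    """Pop one ACL operand (any | host A | A WILDCARD) as (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (to_int(tok.pop(0)), 0)
    return (to_int(first), to_int(tok.pop(0)))

def superset(a, b):
    """True if pair a matches every address that pair b matches."""
    return (b[1] & ~a[1]) == 0 and ((a[0] ^ b[0]) & ~a[1]) == 0

def audit(lines, net_addr, netmask):
    net = (to_int(net_addr), to_int(wildcard(netmask)))
    partial, shadowed, seen = [], [], []
    for line in lines:
        tok = line.split()            # access-list N permit|deny ip SRC DST
        acl, rest = tok[1], tok[4:]
        src, dst = operand(rest), operand(rest)
        # source lies inside the LAN but does not span all of it
        if superset(net, src) and not superset(src, net):
            partial.append(line)
        # first match wins: an earlier, wider entry in the same ACL hides this one
        if any(a == acl and superset(s, src) and superset(d, dst) for a, s, d in seen):
            shadowed.append(line)
        seen.append((acl, src, dst))
    return partial, shadowed
```

`audit(ACL, "192.168.0.0", "255.255.248.0")` returns five entries whose source covers only part of the /21 (four still on the old `0.0.0.255` wildcard, plus the `192.168.6.0 0.0.0.255` entry, whose range sits inside the new LAN) and one shadowed entry: the final `deny` in ACL 130, which is never reached because the `permit ... 0.0.7.255 any` before it matches first.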
