Solved: Weird ACL issue

droeun141 · ‎08-02-2010

Trying to permit everything (via VPN) to 96.0/23 & 25.0/24, but I'm getting a strange output. Never seen this before - any ideas?

Router(config)#ip access-list ext 150
Router(config-ext-nacl)#permit ip any 155.155.96.0 255.255.254.0
Router(config-ext-nacl)#permit ip any 155.155.25.0 255.255.255.0

But output shows:

access-list 150 permit ip any 0.0.0.0 255.255.254.0
access-list 150 permit ip any 0.0.0.0 255.255.255.0

rahgovin · ‎08-02-2010

use wild card mask instead of subnet masks for acls on routers.

http://ciscosystems.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic2

View solution in original post

Jitendriya Athavale · ‎08-02-2010

oop's

you should use wildcard mask in routers

try this

Router(config)#ip access-list ext 150
Router(config-ext-nacl)#permit ip any 155.155.96.0 0.0.1.255
Router(config-ext-nacl)#permit ip any 155.155.25.0 0.0.0.255

View solution in original post

rahgovin · ‎08-02-2010

use wild card mask instead of subnet masks for acls on routers.

http://ciscosystems.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic2

Jitendriya Athavale · ‎08-02-2010

oop's

you should use wildcard mask in routers

try this

Router(config)#ip access-list ext 150
Router(config-ext-nacl)#permit ip any 155.155.96.0 0.0.1.255
Router(config-ext-nacl)#permit ip any 155.155.25.0 0.0.0.255

droeun141 · ‎08-02-2010

I officially feel retarded. Can't believe I overlooked that one, thanks guys.

Jitendriya Athavale · ‎08-02-2010

everyone gets caught in this thing at one point of time or other

b.julin · ‎08-02-2010

You may be spending to much time on Cisco routers if:

1) You try to "enab" instead of "su" on a UNIX box

2) ps aux | include myprocess

3) ifconfig eth0 10.10.10.1 netmask 0.0.255.255