Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1291
Views
0
Helpful
3
Replies

ACL- Inverse Mask

Go to solution
sadik.bash
Level 1
Level 1

‎11-22-2013 03:11 PM - edited ‎03-11-2019 08:08 PM

Hello,

I have a server with IP address 172.22.94.224/22 and an ACL statement in one of the ASAs as follows "access-list 145 permit ip 172.22.94.224 0.0.0.31 any"

I got confused by the inverse mask address(0.0.0.31) and I would like some clarification.

Much appreciated.

Best, ~sK

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to sadik.bash

‎11-22-2013 05:06 PM

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcardmasks are very good explained in the Wikipedia-article: http://en.wikipedia.org/wiki/Wildcard_mask


Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎11-22-2013 04:38 PM

if that is really an ACL from an ASA, then it's probably wrong as the ASA doesn't use the inversed wildcardmask. The router-wildcard-mask of 0.0.0.31 would be 255.255.255.224 on the ASA.


Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
sadik.bash
Level 1
Level 1
In response to Karsten Iwen

‎11-22-2013 04:49 PM

Sorry, the inv mask is on the 4507 not the ASA. My question is what does this statement "

access-list 145 permit ip 172.22.94.224 0.0.0.31" mean?

Best, ~sK

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to sadik.bash

‎11-22-2013 05:06 PM

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcardmasks are very good explained in the Wikipedia-article: http://en.wikipedia.org/wiki/Wildcard_mask


Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card