Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
1
Replies

ACL's on Firewall IOS

alburton
Level 1
Level 1

‎09-10-2002 08:05 PM - edited ‎02-20-2020 09:18 PM

I have a 2600 router with IOS Software (C2600-IK8O3S-M), Version 12.2(5d). On an extented named ACL with the following entries

permit tcp host 192.168.1.10 10.1.2.224 0.0.0.30 eq 1494

permit udp host 192.168.1.10 10.1.2.224 0.0.0.30 eq 1604

This was causing connection to connections to 10.1.2.227 to be blocked, so when the ACL was expanded to

permit tcp host 192.168.1.10 10.1.2.224 0.0.0.31 eq 1494

permit udp host 192.168.1.10 10.1.2.224 0.0.0.31 eq 1604

The connections worked.

Does anyone know a reason for this.

Thanks..

Labels:
0 Helpful
1 Reply 1

nsteup
Level 1
Level 1

‎09-10-2002 09:15 PM

Hello Alan,

your wildcardmask .30 looks 00011110 in binary. This is not allowed because when you set one bit to 1 all following bits must be set to 1s either. So the .31 wildcardmask looks 00011111 in binary and that is allowed and - as you say - it works.

Best regards

Norbert

0 Helpful
Customers Also Viewed These Support Documents