01-22-2003 10:04 AM - edited 02-21-2020 12:18 PM
I have a customer who connects to us via a VPN tunnel on their PIX to ours. The customer has private networks that range from 192.18.171.0 thru 179.0.
Rather than having one independent access-list for each of these networks, I wanted to consider summarization using the mask in the access-list itself.
The binary breakdown of the third octet is easy because it is contiguous address space. I was thinking I could summarize using the following:
ip access-list 120 permit 10.1.0.0 255.255.0.0 192.18.0.0 255.255.224.0
Will this work for the VPN tunnels?
01-22-2003 05:57 PM
Hi
I don't know whether route summarisation works in practice on a PIX, though I can't see why it shouldn't. However, whilst
171=10101011
179=10110011
you are right to summarise with the third octet (224=11100000). Considering the 3rd octet - if you were to substitute it into the fourth and imagine you were dealing with a subnet of a class C address, you would get the following:
00000000 - 256a - 254h
10000000 - 128a - 126h
11000000 - 64a - 62h
11100000 - 32a - 30h
11110000 - 16a - 14h
11111000 - 8a - 6h
11111100 - 4a - 2h
11111110 - 2a - 0h
11111111 - 0a - 0h
and if we were looking at 11100000 we would get the networks:
0,32,64,96,128,160,192,224
Therefore, if you are looking at addresses in between 171 and 179, you need to be looking at the 160 network.
From this I would imagine that to contact 192.18.171.0 thru 179.0 I would be looking at trying to use
ip access-list 120 permit 10.1.0.0 255.255.0.0 192.18.160.0 255.255.224.0
HTH
Kev
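The bit-position check Kev walks through by hand, as an added example that is not part of the original thread: a small Python script (standard-library ipaddress only) that takes the customer's networks from the question (192.18.171.0/24 through 192.18.179.0/24), tests whether a PIX-style network/mask pair actually covers all of them, and reports how much address space a summary permits beyond those nine networks. The customer range, the two candidate summaries and the access-list line format are taken from the thread; the helper names are this example's own. It goes one step beyond the thread by also computing the smallest set of aligned blocks that covers the nine networks exactly, which matters for a VPN access-list because every extra address the summary permits is extra reachability through the tunnel.

```python
import ipaddress

# Constructed from the question: the customer's networks 192.18.171.0/24 .. 192.18.179.0/24
CUSTOMER_NETS = [ipaddress.ip_network(f"192.18.{octet}.0/24") for octet in range(171, 180)]


def wildcard_to_prefix(addr: str, mask: str) -> ipaddress.IPv4Network:
    """Turn a 'network mask' pair (the PIX access-list form) into a prefix.

    Strict parsing raises ValueError when the network address has bits set
    below the mask boundary, i.e. when the network and mask do not line up
    on the bit positions the thread discusses."""
    return ipaddress.ip_network(f"{addr}/{mask}")


def uncovered(summary: ipaddress.IPv4Network, nets) -> list:
    """Customer networks that the summary does NOT include (as strings)."""
    return [str(n) for n in nets if not n.subnet_of(summary)]


def covers_all(summary: ipaddress.IPv4Network, nets) -> bool:
    return not uncovered(summary, nets)


def excess_addresses(summary: ipaddress.IPv4Network, nets) -> int:
    """Addresses the summary permits that belong to none of the customer networks."""
    covered = sum(n.num_addresses for n in nets if n.subnet_of(summary))
    return summary.num_addresses - covered


def exact_cover(nets) -> list:
    """Smallest list of aligned blocks covering exactly the given contiguous networks."""
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)
    return [str(b) for b in ipaddress.summarize_address_range(first, last)]


def pix_acl_line(dst: ipaddress.IPv4Network, acl="120", src="10.1.0.0 255.255.0.0") -> str:
    # Assumed PIX 6.x syntax (access-list <id> permit ip <src> <mask> <dst> <mask>);
    # the source network comes from the thread.
    return f"access-list {acl} permit ip {src} {dst.network_address} {dst.netmask}"


if __name__ == "__main__":
    for label, addr, mask in [("original", "192.18.0.0", "255.255.224.0"),
                              ("Kev's",    "192.18.160.0", "255.255.224.0")]:
        summary = wildcard_to_prefix(addr, mask)
        print(f"{label} summary {summary}: covers all = {covers_all(summary, CUSTOMER_NETS)}, "
              f"missing = {uncovered(summary, CUSTOMER_NETS)}, "
              f"extra addresses permitted = {excess_addresses(summary, CUSTOMER_NETS)}")
    print("exact cover:")
    for block in exact_cover(CUSTOMER_NETS):
        print("  " + pix_acl_line(ipaddress.ip_network(block)))
```

Running it shows that 192.18.0.0/255.255.224.0 (a /19 starting at .0) misses all nine networks, while 192.18.160.0/255.255.224.0 covers them but also permits 192.18.160.0 through 192.18.191.255, i.e. 23 additional /24s that are not the customer's. The exact cover needs only three entries (192.18.171.0/24, 192.18.172.0/22, 192.18.176.0/22), so a tight access-list is still far shorter than nine separate lines.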
01-22-2003 07:22 PM
thanks. I had forgotten about the network bit positions needed to summarize.
I will follow up with you once tested...
Kevin