Re: summarization on access-list for VPN tunnels on PIX
I don't know whether route summarisation works in practice on a PIX, though I can't see why it shouldn't. However, whilst you are right to summarise with the third octet (224=11100000), considering the 3rd octet - if you were to substitute it to the fourth and imagine you were dealing with a subnet of a class C address, you would get the following:
00000000 - 256 addresses - 254 hosts
10000000 - 128a - 126h
11000000 - 64a - 62h
11100000 - 32a - 30h
11110000 - 16a - 14h
11111000 - 8a - 6h
11111100 - 4a - 2h
11111110 - 2a - 0h
11111111 - 0a - 0h
and if we were looking at 11100000 we would get the networks:
Therefore, if you are looking at addresses in between 171 and 179, you need to be looking at the 160 network.
From this I would imagine that to contact 188.8.131.52 thru 179.0 I would be looking at trying to use
ip access-list 120 permit 10.1.0.0 255.255.0.0 184.108.40.206 255.255.224.0
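The block-size reasoning in the post above, worked through as an added example that is not part of the original post: it finds the single summary network that covers a range of third-octet values and compares it with the exact set of prefixes, so the amount of extra address space a one-line summary would admit into the tunnel ACL is visible. The 172.16.x.x addresses are constructed sample values and the function names are hypothetical.

```python
import ipaddress

def covering_summary(first, last):
    """Smallest single network that contains both first and last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    # Every bit from the highest differing bit downwards must be host bits.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))

def exact_entries(first, last):
    """Minimal list of networks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def compare(first, last):
    """Return the one-line summary, the exact entries and the over-match."""
    summary = covering_summary(first, last)
    exact = exact_entries(first, last)
    wanted = sum(n.num_addresses for n in exact)
    return {
        "summary": str(summary),
        "mask": str(summary.netmask),
        "exact": [str(n) for n in exact],
        "extra_addresses": summary.num_addresses - wanted,
    }

if __name__ == "__main__":
    # Constructed sample: third octet 171 through 179, as in the post.
    result = compare("172.16.171.0", "172.16.179.255")
    print("single summary :", result["summary"], "mask", result["mask"])
    print("exact entries  :", ", ".join(result["exact"]))
    print("extra addresses:", result["extra_addresses"])
```

With a mask of 224 in the third octet the block size is 32, so the single summary starts at 160 and also matches third-octet values 160 to 170 and 180 to 191; the exact entries avoid that at the cost of three ACL lines.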