Solved: What is wrong with my ACL using WildCard.

Haider Malik · ‎06-20-2014

I am trying to deny few hosts in Cisco ASA however i got the Error why i should use the "subnet mask " for ACL in this Firewall. ?

192.168.1.44

192.168.1.45

192.168.1.46

192.168.1.47

access-list inside_access_in_1 line 1 extended deny icmp 192.168.1.44 0.0.0.3 host 8.8.8.8

ERROR: IP address,mask <192.168.1.44,0.0.0.3> doesn't pair

Please help.

Thank you .

Mark Snyder · ‎06-20-2014

Since you're on an ASA, you can't use a wildcard mask - try using the subnet mask itself (255.255.255.252). You have the correct wildcard, but Cisco ASAs (or, to my knowledge, some/most of them) don't support wildcard masks in ACL statements. Otherwise it looks good to me. Let us know how it goes!

View solution in original post

Mark Snyder · ‎06-20-2014

Since you're on an ASA, you can't use a wildcard mask - try using the subnet mask itself (255.255.255.252). You have the correct wildcard, but Cisco ASAs (or, to my knowledge, some/most of them) don't support wildcard masks in ACL statements. Otherwise it looks good to me. Let us know how it goes!

Haider Malik · ‎06-20-2014

Thank you that's actually funny that same vendor supporting different way to create ACL . Well i managed to get this done . Thank you for the correct answer.