Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What is wrong with my ACL using WildCard.

 

 

I am trying to deny few hosts in Cisco ASA however i got the Error why i should use the "subnet mask " for ACL in this Firewall. ? 

192.168.1.44
192.168.1.45
192.168.1.46
192.168.1.47

 

access-list inside_access_in_1 line 1 extended deny icmp 192.168.1.44 0.0.0.3 host 8.8.8.8 

ERROR: IP address,mask <192.168.1.44,0.0.0.3> doesn't pair

Please help. 

Thank you . 

 

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Since you're on an ASA, you

Since you're on an ASA, you can't use a wildcard mask - try using the subnet mask itself (255.255.255.252). You have the correct wildcard, but Cisco ASAs (or, to my knowledge, some/most of them) don't support wildcard masks in ACL statements. Otherwise it looks good to me. Let us know how it goes!

 

2 REPLIES
New Member

Since you're on an ASA, you

Since you're on an ASA, you can't use a wildcard mask - try using the subnet mask itself (255.255.255.252). You have the correct wildcard, but Cisco ASAs (or, to my knowledge, some/most of them) don't support wildcard masks in ACL statements. Otherwise it looks good to me. Let us know how it goes!

 

New Member

Thank you that's actually

Thank you that's actually funny that same vendor supporting different way to create ACL . Well i managed to get this done . Thank you for the correct answer. 

93
Views
0
Helpful
2
Replies
CreatePlease login to create content