Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

User Policies in SA540

Under the "User Policy By Source IP Address" is there anyway to define an IP address range?

Example:  Some of my remote users don't have static IP's from their ISP however their Dynamic IP's tend to stay pretty constant, so as an added level of security in my current setup I am able to restrict their access to the range of IP's they may receive from their ISP by using a range of lets say 225.80.1.1 to 225.80.255.255.  Is their anyway to accomplish this in the SA540?  I see the option to define a source IP address under the User Policy option but it only lets me put one address in there, not a range like I would like to.

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: User Policies in SA540

In that case, it would be 16.

Each octet is 8 bits.  It would be a 16 bit mask since you want to cover 2 octets.

255.0.0.0 = 8

255.255.0.0 = 16

255.255.255.0 = 24

Re: User Policies in SA540

5.5.0.1 is what you should put in.  Techinically, it should be 5.5.0.0, but it looks like there is some data verification that isn't correct.

5 REPLIES

Re: User Policies in SA540

If you change the option to network, it will allow you to put in a subnet.

New Member

Re: User Policies in SA540

Any chance you could go into more detail.

When I change the option to IP Network it still only has room for a single IP address but it also allows me to change the Mask Length.  Sadly I'm not sure what Mask Length means.

Let's say I want to limit access to only IP addresses in the range of 5.5.1.1 to 5.5.255.255.  What would I put in the Network Address/IP Address field and what value would the Mask Length be?

Re: User Policies in SA540

In that case, it would be 16.

Each octet is 8 bits.  It would be a 16 bit mask since you want to cover 2 octets.

255.0.0.0 = 8

255.255.0.0 = 16

255.255.255.0 = 24

New Member

Re: User Policies in SA540

So using my last example.

In the IP network field I would put 5.5.1.1  and in the mask I would put 16?  or would it be 5.5.0.0 and 16 for the mask?

Re: User Policies in SA540

5.5.0.1 is what you should put in.  Techinically, it should be 5.5.0.0, but it looks like there is some data verification that isn't correct.

684
Views
0
Helpful
5
Replies