Cisco Support Community

Blacklists: ASA5510 / botnet filter

I am testing IP blacklists through the botnet filter.

If I try to add:

62.5.128.0/17

to the blacklist - I get the error message 'The netmask is not valid'. Can anyone explain that? I mean, that is a valid netmask, is it not?

**oops. Misposted in wrong forum. I will repost in security forum. Sorry.**

3 REPLIES

Re: Blacklists: ASA5510 / botnet filter

Can you try to use "255.255.128.0" instead of "/17"?

Re: Blacklists: ASA5510 / botnet filter

No, it will not take that format. It specifically calls (through ASDM, that is) for

1) hostname

2) specific IP

3) net mask in 10.10.20.0/24 format.

I am starting to think it will only take masks on major octets, like /8, /16 and /24, and the corresponding octets must be zero.

It will take:

62.5.0.0/16

or:

62.5.128.0/24

but not:

62.5.128.0/17
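An added example, not part of the original posts and not Cisco code: it confirms that 62.5.128.0/17 is a well-formed network and, assuming the behaviour reported above (only prefixes on an octet boundary are accepted), splits a block into the equivalent octet-aligned entries. The function names are hypothetical, and the example generalises from the /17 in the thread to any IPv4 prefix.

```python
import ipaddress

# Prefix lengths that end on an octet boundary (plus /32 for single hosts).
OCTET_PREFIXES = (8, 16, 24, 32)


def is_valid_network(cidr):
    """True when cidr is a well-formed IPv4 network with all host bits zero."""
    try:
        ipaddress.IPv4Network(cidr, strict=True)
        return True
    except ValueError:
        return False


def octet_aligned(cidr):
    """Split cidr into equivalent networks whose prefix ends on an octet boundary."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen in OCTET_PREFIXES:
        return [net]
    # Next longer octet boundary, e.g. /17 -> /24, /9 -> /16.
    target = next(p for p in OCTET_PREFIXES if p > net.prefixlen)
    return list(net.subnets(new_prefix=target))


def covers_same_range(cidr, pieces):
    """Check that the pieces collapse back to exactly the original network."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return list(ipaddress.collapse_addresses(pieces)) == [net]


if __name__ == "__main__":
    block = "62.5.128.0/17"  # the entry from the thread
    print(block, "valid network:", is_valid_network(block))
    pieces = octet_aligned(block)
    print(len(pieces), "entries, same coverage:", covers_same_range(block, pieces))
    for piece in pieces:
        print(piece)  # one blacklist entry per line, in a.b.c.d/len format
```
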

Re: Blacklists: ASA5510 / botnet filter

Can you try the command line to see if you can do it?

I checked the command reference and did not see it specify this limitation.

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668380
