Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Error parsing destination mask

Hi everyone, here`s a basic question for you. I`m trying to make an ACL that would allow traffic to IPs that end with a .9

Here`s what I put in the ACL: permit ip any 0.0.0.9 255.255.255.0

This is an ACL that`s used with Cisco ACS when clients connect to our 3020 VPN concentrator. Checking the 3020 logs, I see this message once I try to connect: 9664 06/17/2008 13:34:51.840 SEV=4 FILTERDBG/39 RPT=4

Error parsing destination mask: 255.255.255.0, in rule (permit ip any 0.0.0.9 25

5.255.255.0).

Tearing down tunnel.

Is there something I'm doing wrong with the mask? I've seen this used in an ACL on one of our router and it's working fine. Is it a 3020 thing? If so, what can I do to permit access to x.x.x.9 only?

Thanks in advance,

Chris

2 REPLIES

Re: Error parsing destination mask

The VPN concentrator uses wild-card masks and not subnet-masks like the ASA/PIX, have a look at:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/administration/guide/dynfilt.html

Regards

Farrukh

New Member

Re: Error parsing destination mask

I understand that, that's why I put 255.255.255.0 so that only the last octet is relevent (in this case, the .9). If I put 0.0.0.255, it will be 0.0.0.x

I really want x.x.x.9 to be permitted...

127
Views
0
Helpful
2
Replies
CreatePlease to create content