Cisco Support Community

New Member

using wildcards with access lists in the asa

I have about 450 remote locations, and I want to give an outside vendor access to one host at each location. Each host's IP starts with 40 and ends with 125, for example 40.0.4.125. I would need it for the entire class A. Is there a way to use wildcards or filters so I don't have to have 450 lines of code to do this?

8 REPLIES
Gold

Re: using wildcards with access lists in the asa

e.g. permit ip w.x.y.z x.x.x.x 40.0.0.125 0.255.255.0

New Member

Re: using wildcards with access lists in the asa

I got this error when I tried this.

access-list test permit tcp 198.16.31.0 255.255.255.0 40.0.0.125 0.255.255.0

ERROR: IP address,mask <40.0.0.125,0.255.255.0> doesn't pair

Usage:

Gold

Re: using wildcards with access lists in the asa

What sort of device?

New Member

Re: using wildcards with access lists in the asa

Cisco ASA 5510

Gold

Re: using wildcards with access lists in the asa

Whoops. I guess I didn't read the title of your post well enough. Yeah, the ASA doesn't support that, at least I don't think so.

Try the normal ASA style of ACLs (reverse the 255's and 0's).

New Member

Re: using wildcards with access lists in the asa

It took this statement but it will not allow traffic to those hosts. It does not show any details in the log as to why.

access-list TEST extended permit ip 192.168.33.0 255.255.255.0 40.0.0.125 255.0.0.255

Gold

Re: using wildcards with access lists in the asa

Is the address 192.168.33.0 correct? That's a private address, and although you didn't specifically state it, it appears that this is going over the public internet, in which case that address might be wrong, depending on your network setup.

Did you apply the ACL with the access-group command?

New Member

Re: using wildcards with access lists in the asa

Sorry, I should have stated those are not my real IP addresses. Yes, I applied this.

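The mask arithmetic discussed in this thread, as an added Python example that is not from any of the posters or from Cisco. It assumes the "doesn't pair" error means the address has bits set outside the mask, uses constructed site addresses, and models only bitwise matching, not how the ASA itself evaluates a discontiguous mask.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_to_netmask(wildcard):
    """IOS-style wildcard (0 bit = must match) -> netmask (1 bit = must match)."""
    return str(ipaddress.IPv4Address(to_int(wildcard) ^ 0xFFFFFFFF))

def pairs(address, netmask):
    """Assumed meaning of "doesn't pair": address has bits set outside the mask."""
    return (to_int(address) & ~to_int(netmask) & 0xFFFFFFFF) == 0

def is_contiguous(netmask):
    """True for ordinary prefix masks (all 1 bits first, then all 0 bits)."""
    inv = ~to_int(netmask) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def matches(host, address, netmask):
    """Pure bitwise match: compare only the bits the netmask selects."""
    m = to_int(netmask)
    return (to_int(host) & m) == (to_int(address) & m)

def matched_count(netmask):
    """Addresses covered by one entry: 2 ** (number of 0 bits in the mask)."""
    return 2 ** (32 - bin(to_int(netmask)).count("1"))

def explicit_entries(acl, src, src_mask, hosts):
    """One 'host' entry per site: grants exactly the listed hosts, nothing more."""
    return [f"access-list {acl} extended permit ip {src} {src_mask} host {h}"
            for h in hosts]

if __name__ == "__main__":
    sites = ["40.0.4.125", "40.1.17.125", "40.200.9.125"]  # constructed samples
    mask = wildcard_to_netmask("0.255.255.0")
    print("netmask form of 0.255.255.0:", mask)
    print("40.0.0.125 pairs with 0.255.255.0:", pairs("40.0.0.125", "0.255.255.0"))
    print("40.0.0.125 pairs with", mask + ":", pairs("40.0.0.125", mask))
    print("contiguous:", is_contiguous(mask))
    print("addresses covered by the single entry:", matched_count(mask))
    print("sites covered:", all(matches(s, "40.0.0.125", mask) for s in sites))
    for line in explicit_entries("TEST", "192.168.33.0", "255.255.255.0", sites):
        print(line)
```

Even where a device honours the discontiguous mask, the single entry covers 65,536 addresses rather than the 450 hosts the vendor actually needs, which is the trade-off against the per-host list.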