|
Firewall Wizards
mailing list archives
RE: cisco config help
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Fri, 25 May 2001 15:40:12 -0500
My understanding of this issue is that the mask in the access list is not
really a subnet mask, as most people think of them. It is more just a mask
that tells how many addresses to include in the range
for example, the next three statements refer to the private IP ranges
10.0.0.0->10.255.255.255, 172.16.0.0->172.31.255.255, and
192.168.0.0->192.168.255.255:
access-list 104 deny ip any 10.0.0.0 0.255.255.255
access-list 104 deny ip any 172.16.0.0 0.15.255.255
access-list 104 deny ip any 192.168.0.0 0.0.255.255
Looks like you should use
access-list 101 deny ip 63.101.102.0 0.0.0.128 any
to get the 63.101.102.0->62.101.102.127 range (is this the range of IP's you
are wanting?)
Maybe this is what you are looking for...
Jeff
-----Original Message-----
From: Stuart Clark [mailto:sclark () spacelink com au]
Sent: Friday, May 25, 01 9:47 AM
To: firewall-wizards () nfr com
Subject: [fw-wiz] cisco config help
Hi,
I am trying to make an access-list on my Cisco 3620.
I type 'access-list 101 deny ip 63.101.102.0 255.255.255.128 any'
The only problem is that the cisco converts 63.101.102.0 to 0.0.0.0
So the access list when i do a 'show running-config' looks like this
access-list number deny ip host 0.0.0.0 255.255.255.128 any
Why does it change ?
-------------------------------------
Stuart G. Clark
Manager,
Spacelink Communications Pty. Ltd.
http://www.spacelink.com.au
+61 03 9 888 9874
-------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
|
Intro
