https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420591#M308372 <HTML><HEAD></HEAD><BODY><P>Sorry, the inv mask is on the 4507 not the ASA. My question is what does this statement "</P><P>access-list 145 permit ip 172.22.94.224 0.0.0.31" <SPAN style="font-size: 10pt;">mean? </SPAN></P><P></P><P></P><P></P><P>Best, ~sK </P></BODY></HTML> Sat, 23 Nov 2013 00:49:06 GMT sadik.bash 2013-11-23T00:49:06Z https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420589#M308366 <P>Hello, </P><P></P><P>I have a server with IP address 172.22.94.224/22 and an ACL statement in one of the ASAs as follows "<SPAN style="font-size: 10pt;">access-list 145 permit ip 172.22.94.224 0.0.0.31 any" </SPAN></P><P></P><P>I got confused by the inverse mask address(0.0.0.31) and I would like some clarification. </P><P></P><P></P><P>Much appreciated. </P><P></P><P>Best, ~sK </P> Tue, 12 Mar 2019 03:08:46 GMT https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420589#M308366 sadik.bash 2019-03-12T03:08:46Z https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420590#M308369 <HTML><HEAD></HEAD><BODY><P>if that is really an ACL from an ASA, then it's probably wrong as the ASA doesn't use the inversed wildcardmask. The router-wildcard-mask of 0.0.0.31 would be 255.255.255.224 on the ASA.<BR /><BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Sat, 23 Nov 2013 00:38:37 GMT https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420590#M308369 Karsten Iwen 2013-11-23T00:38:37Z https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420591#M308372 <HTML><HEAD></HEAD><BODY><P>Sorry, the inv mask is on the 4507 not the ASA. My question is what does this statement "</P><P>access-list 145 permit ip 172.22.94.224 0.0.0.31" <SPAN style="font-size: 10pt;">mean? </SPAN></P><P></P><P></P><P></P><P>Best, ~sK </P></BODY></HTML> Sat, 23 Nov 2013 00:49:06 GMT https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420591#M308372 sadik.bash 2013-11-23T00:49:06Z https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420592#M308377 <HTML><HEAD></HEAD><BODY><P>0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.<BR /><BR />Wildcardmasks are very good explained in the Wikipedia-article: <A href="http://en.wikipedia.org/wiki/Wildcard_mask" target="_blank">http://en.wikipedia.org/wiki/Wildcard_mask</A><BR /><BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Sat, 23 Nov 2013 01:06:18 GMT https://community.cisco.com/t5/network-security/acl-inverse-mask/m-p/2420592#M308377 Karsten Iwen 2013-11-23T01:06:18Z