02-22-2015 04:49 PM - edited 03-11-2019 10:32 PM
Hi,
We have many hosts that share the same first and last octet. Is it possible if we can aggregate all those host like below ACL in the destination?
access-list test permit ip host 1.1.1.1 10.0.0.126 255.0.0.255
Thanks,
Peyman
Solved! Go to Solution.
02-28-2015 12:15 PM
Hi,
Actually , you can add these discontinuous mask on the ASA device ACL.
If the mask fulfills the requirement , it will work on the ASA device.
Thanks and Regards,
Vibhor Amrodia
02-22-2015 07:55 PM
No, that is not a valid subnet mask and you would not be allowed to input that into the ASA anyway for that reason.
What you need to do is a create an object-group and then underneath that input all of your individual hosts then you reference that in the ACL
object network Server
host 10.0.0.126
object-group network HOSTS
network-object 1.1.1.1
network-object 2.2.2.2
network-object 3.3.3.3
network-object 4.4.4.4
access-list test permit ip object-group HOSTS object Server
02-28-2015 12:15 PM
Hi,
Actually , you can add these discontinuous mask on the ASA device ACL.
If the mask fulfills the requirement , it will work on the ASA device.
Thanks and Regards,
Vibhor Amrodia
03-03-2015 04:43 PM
Vibhor,
Thanks for the confirmation. We also tested this and it worked perfectly fine.
Regards,
Peyman
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: