Solved: No, that is not a valid

Peyman Sadeghi · ‎02-22-2015

Hi,

We have many hosts that share the same first and last octet. Is it possible if we can aggregate all those host like below ACL in the destination?

access-list test permit ip host 1.1.1.1 10.0.0.126 255.0.0.255

Thanks,

Peyman

Vibhor Amrodia · ‎02-28-2015

Hi,

Actually , you can add these discontinuous mask on the ASA device ACL.

If the mask fulfills the requirement , it will work on the ASA device.

Thanks and Regards,

Vibhor Amrodia

david-swope · ‎02-22-2015

No, that is not a valid subnet mask and you would not be allowed to input that into the ASA anyway for that reason.

What you need to do is a create an object-group and then underneath that input all of your individual hosts then you reference that in the ACL

object network Server

host 10.0.0.126

object-group network HOSTS

network-object 1.1.1.1

network-object 2.2.2.2

network-object 3.3.3.3

network-object 4.4.4.4

access-list test permit ip object-group HOSTS object Server

Vibhor Amrodia · ‎02-28-2015

Hi,

Actually , you can add these discontinuous mask on the ASA device ACL.

If the mask fulfills the requirement , it will work on the ASA device.

Thanks and Regards,

Vibhor Amrodia

Peyman Sadeghi · ‎03-03-2015

Vibhor,

Thanks for the confirmation. We also tested this and it worked perfectly fine.

Regards,

Peyman

Cisco ASA ACL with 255.0.0.255 Mask