Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
4
Replies

Is this correct for PIX Firewall.

singh
Level 1
Level 1

‎03-04-2005 04:03 PM - edited ‎02-20-2020 11:59 PM

I like to block ip range for 64.68.96.0 with 64.68.127.255 as subnet mask at PIX 520.

conduit deny tcp host 64.68.96.0 subnet mask 64.68.127.255 0 0

I don't want to use any access list.

0 Helpful
4 Replies 4

bhillman
Level 1
Level 1

‎03-04-2005 04:41 PM

You need to use 255.255.255.0 if you want to block the entire range of 64.68.96.0-64.68.96.255

0 Helpful

singh
Level 1
Level 1
In response to bhillman

‎03-08-2005 11:22 AM

I tried gave me a syntax error.

As I mentioned earlier:

64.68.96.0 is the Ip range

64.68.127.255 is the subnet mask for that range.

0 Helpful

abacco
Level 1
Level 1
In response to singh

‎03-08-2005 02:40 PM

64.68.127.255 is not a subnet mask. I suspect that you mean that the subnet mask is 255.255.128.0. However, when you enter it into the PIX, I suspect that you need to use the inverse mask which would be 0.0.127.255.

0 Helpful

abacco
Level 1
Level 1
In response to abacco

‎03-08-2005 02:47 PM

Sorry! Disregard my previous post. I re-read your original post. The mask to denote 64.68.96.0 to 64.68.127.255 the mask is 255.255.224.0. If you did need the inverse mask it would be 0.0.31.255.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card