Adding an IP ranged acl

terabull1 · ‎12-28-2004

I have access lists accepting connections from specific IP address with the following structure

access-list outside_inbound_acl permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq www

I need to keep those but also add a couple of ranges.

How do I allow, for example, 125.30.25.* ?

terabull1 · ‎12-28-2004

Can someone help with this syntax.

mrmozaffari · ‎12-28-2004

more information need.

what ranges :

for example if you want to permit range (125.30.25.1 - 125.30.25.30) to access the network :

access-list x permit ip 125.30.25.0 0.0.0.30 any

terabull1 · ‎12-28-2004

The range is 125.30.25.1 through 125.30.25.255.

I tried

access-list outside_inbound_acl permit tcp host 125.30.25.1 0.0.0.255 host xxx.xxx.xxx.xxx eq www

But it failed.

ERROR: invalid IP address host

kozinyy · ‎12-28-2004

When you use a word "host", don't use any mask.

terabull1 · ‎12-28-2004

Would it be correct to use..

access-list outside_inbound_acl permit tcp host 125.30.25.1 255.255.255.0 host xxx.xxx.xxx.xxx eq www

michaand · ‎12-28-2004

The host statement is a shortcut for x.x.x.x 255.255.255.255. So if you want to allow access for a network range you need to remove the "host" keyword and add a netmask. access-list outside_inbound_acl permit tcp 125.30.25.0 0.0.0.224 host x.x.x.x eq www