Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1164
Views
0
Helpful
2
Replies

What is wrong with my ACL using WildCard.

Go to solution
Haider Malik
Level 1
Level 1

‎06-20-2014 11:14 AM - edited ‎02-20-2020 09:43 PM

 

 

I am trying to deny few hosts in Cisco ASA however i got the Error why i should use the "subnet mask " for ACL in this Firewall. ? 

192.168.1.44
192.168.1.45
192.168.1.46
192.168.1.47

 

access-list inside_access_in_1 line 1 extended deny icmp 192.168.1.44 0.0.0.3 host 8.8.8.8 

ERROR: IP address,mask <192.168.1.44,0.0.0.3> doesn't pair

Please help. 

Thank you . 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Snyder
Level 1
Level 1

‎06-20-2014 12:16 PM

Since you're on an ASA, you can't use a wildcard mask - try using the subnet mask itself (255.255.255.252). You have the correct wildcard, but Cisco ASAs (or, to my knowledge, some/most of them) don't support wildcard masks in ACL statements. Otherwise it looks good to me. Let us know how it goes!

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mark Snyder
Level 1
Level 1

‎06-20-2014 12:16 PM

Since you're on an ASA, you can't use a wildcard mask - try using the subnet mask itself (255.255.255.252). You have the correct wildcard, but Cisco ASAs (or, to my knowledge, some/most of them) don't support wildcard masks in ACL statements. Otherwise it looks good to me. Let us know how it goes!

 

0 Helpful

Go to solution
Haider Malik
Level 1
Level 1
In response to Mark Snyder

‎06-20-2014 12:50 PM

Thank you that's actually funny that same vendor supporting different way to create ACL . Well i managed to get this done . Thank you for the correct answer. 

0 Helpful
Customers Also Viewed These Support Documents