Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1132
Views
25
Helpful
5
Replies

IP prefix-list for /32 subnet (remote VPN usr)

Go to solution
Kyujin Choi
Level 1
Level 1

‎08-15-2022 09:33 AM - last edited on ‎08-17-2022 02:37 AM by Community Manager

 

 Hi there. I would like to get expertise about

IP prefix-list

to define remote VPN users. 

 Currently, 10.1.2.0/24 is for remote VPN subnet. 

 OSPF route table has 10.1.2.x/32. Belows are examples for remote VPN routes (/32)

 10.1.2.91/32, 10.1.2.103/32, 10.1.2 11/32 etc (Basically, I need to define every /32 route of 10.1.2.x/32 by using

IP prefix-list

  How do I define each user's subnet 10.1.2.x/32 with

IP prefix-list?

Eventually I will redistribute OSPF route to BGP along with

 IP prefix-list

Thanks!

 

 IP prefix-list remote-vpn seq 10 permit 10.1.2.0/32   

(Is this right?)

 

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Level 12
Level 12
In response to Kyujin Choi

‎08-15-2022 11:08 AM - last edited on ‎08-17-2022 02:41 AM by Community Manager

Hi @Kyujin Choi ,

If you only want to allow all the /32 prefixes belonging to 10.1.2.0/24, you need the following

prefix-list:

 

IP prefix-list remote-vpn seq 10 permit 10.1.2.0/24 ge 32

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

5 Replies 5

Go to solution
MHM Cisco World
VIP
VIP

‎08-15-2022 09:37 AM

can you more elaborate?

0 Helpful

Go to solution
Kyujin Choi
Level 1
Level 1
In response to MHM Cisco World

‎08-15-2022 09:39 AM - last edited on ‎08-17-2022 02:38 AM by Community Manager 

IP prefix-list remote-vpn seq 10 permit 10.1.2.0/32   

 

Above IP prefix contains all 10.1.2.x/32 subnet? 

Go to solution
MHM Cisco World
VIP
VIP
In response to Kyujin Choi

‎08-15-2022 10:20 AM - last edited on ‎08-17-2022 02:39 AM by Community Manager

try this 


ip prefix-list NAME permit 10.1.2.x/24 le 32
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎08-15-2022 11:49 AM

@Harold Ritter
his suggestion is better than Me,
I use Le or equal 32 <<- this meaning any prefix that bit 24 must match the prefix and have mask less than or equal 32 (if some how you have 30, not in this VPN router but in other router that make conflict)
he use ge or equal 32  <<- this meaning any prefix that bit 24 must match the prefix and have mask grater than or equal 32, BUT the 32 is greatest number so this will match only 32, and you will not face any issue in OSPF network. 

Go to solution
Harold Ritter
Level 12
Level 12
In response to Kyujin Choi

‎08-15-2022 11:08 AM - last edited on ‎08-17-2022 02:41 AM by Community Manager

Hi @Kyujin Choi ,

If you only want to allow all the /32 prefixes belonging to 10.1.2.0/24, you need the following

prefix-list:

 

IP prefix-list remote-vpn seq 10 permit 10.1.2.0/24 ge 32

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card