Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6784
Views
5
Helpful
4
Replies

ASA /31 subnet mask

Go to solution
Rajesh Hirani
Level 1
Level 1

‎12-18-2014 08:42 AM - edited ‎02-21-2020 05:21 AM

 

Does any one know the reasoning behind not allowing the ASA to accept the /31 range to be configured on the interface?

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎01-06-2015 08:13 PM

Hey guys, actually Rajesh has a valid request. Using /31 subnet masks is something that has been supported on routers for a while and is a great and valid technique to preserve IP addresses for point-to-point links. For more info check this link:

http://packetlife.net/blog/2008/jun/18/using-31-bit-subnets-on-point-point-links/

Unfortunately, this is not a feature that is currently supported on ASAs. Perhaps this will change in the future but as of the latest code /31 masks are considered invalid. 

 

Thank you for rating helpful posts!

 

View solution in original post

4 Replies 4

Go to solution
Sarbjit-2014
Level 1
Level 1

‎12-19-2014 02:42 AM

Hi Rajesh,

Why would you want to use /31 on a interface its not a valid subnet ?

0 Helpful

Go to solution
Poonam Garg
Level 3
Level 3
In response to Sarbjit-2014

‎12-22-2014 07:04 AM

Hi Rajesh,

With /31 there will be only two IP address possible. One is Network Base Address and other will be  Broadcast Address. So no possible host address. Thats why any interface will not allow /31 notation.

 

HTH

"Please rate helpful posts"

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎01-06-2015 08:13 PM

Hey guys, actually Rajesh has a valid request. Using /31 subnet masks is something that has been supported on routers for a while and is a great and valid technique to preserve IP addresses for point-to-point links. For more info check this link:

http://packetlife.net/blog/2008/jun/18/using-31-bit-subnets-on-point-point-links/

Unfortunately, this is not a feature that is currently supported on ASAs. Perhaps this will change in the future but as of the latest code /31 masks are considered invalid. 

 

Thank you for rating helpful posts!

 

Go to solution
Mark Walters
Level 1
Level 1

‎06-09-2018 04:49 PM

Hi All - Looks like this feature is supported starting with 9.7(x). thanks, Mark
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card