10-23-2009 11:23 AM
I am testing IP blacklists through the botnet filter.
If I try to add:
62.5.128.0/17
to the blacklist, I get the error message 'The netmask is not valid'. Can anyone explain that? I mean, that is a valid netmask, is it not?
**oops. Misposted in wrong forum. I will repost in security forum. Sorry.**
10-23-2009 01:39 PM
Can you try to use "255.255.128.0" instead of "/17"?
10-23-2009 02:11 PM
No, it will not take that format. It specifically calls (through ASDM, that is) for
1) hostname
2) specific IP
3) net mask in 10.10.20.0/24 format.
I am starting to think it will only take masks on major octets, like /8 /16 and /24 and the corresponding octets must be zero.
It will take:
62.5.0.0/16
or:
62.5.128.0/24
but not:
62.5.128.0/17
10-23-2009 02:27 PM
Can you try the command line to see if you can do it?
I checked the command reference and did not see it specify this limitation.
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668380
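An added example, not part of the thread and not Cisco code: a Python check of the three entries discussed above, showing that 62.5.128.0/17 is a well-formed network and how the two entries the GUI accepted compare with it. The function names are hypothetical, and the octet-boundary restriction is only the poster's guess, so `octet_aligned_cover` is a fallback under that assumption.

```python
import ipaddress

def check_entry(text):
    """Validate one a.b.c.d/len blacklist entry and describe what it covers."""
    try:
        # strict=True rejects entries whose host bits are not all zero
        net = ipaddress.ip_network(text, strict=True)
    except ValueError as exc:
        return {"entry": text, "valid": False, "reason": str(exc)}
    return {
        "entry": text,
        "valid": True,
        "netmask": str(net.netmask),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        "octet_aligned": net.prefixlen % 8 == 0,
    }

def relation(candidate, intended):
    """Compare a substitute entry with the range that was meant to be blocked."""
    c = ipaddress.ip_network(candidate)
    i = ipaddress.ip_network(intended)
    if c == i:
        return "exact"
    if i.subnet_of(c):
        return "over-blocks"    # substitute is wider than intended
    if c.subnet_of(i):
        return "under-blocks"   # substitute leaves part of the range open
    return "disjoint"

def octet_aligned_cover(text):
    """Exact cover of a network using only /8, /16 or /24 blocks (assumed limit)."""
    net = ipaddress.ip_network(text)
    if net.prefixlen % 8 == 0:
        return [net]
    target = (net.prefixlen // 8 + 1) * 8   # next octet boundary
    return list(net.subnets(new_prefix=target))

if __name__ == "__main__":
    intended = "62.5.128.0/17"
    print(check_entry(intended))
    for alt in ("62.5.0.0/16", "62.5.128.0/24"):
        print(alt, relation(alt, intended))
    cover = octet_aligned_cover(intended)
    print(len(cover), cover[0], cover[-1])
```

Neither accepted entry is equivalent to the /17: the /16 blocks twice the intended range and the /24 blocks only 256 of its 32768 addresses.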