Error parsing destination mask

chris_moyzan
Level 1

Hi everyone, here's a basic question for you. I'm trying to make an ACL that would allow traffic to IPs that end with a .9

Here's what I put in the ACL: permit ip any 0.0.0.9 255.255.255.0

This is an ACL that's used with Cisco ACS when clients connect to our 3020 VPN concentrator. Checking the 3020 logs, I see this message once I try to connect:

9664 06/17/2008 13:34:51.840 SEV=4 FILTERDBG/39 RPT=4

Error parsing destination mask: 255.255.255.0, in rule (permit ip any 0.0.0.9 255.255.255.0).

Tearing down tunnel.

Is there something I'm doing wrong with the mask? I've seen this used in an ACL on one of our routers and it's working fine. Is it a 3020 thing? If so, what can I do to permit access to x.x.x.9 only?

Thanks in advance,

Chris

2 Replies

Farrukh Haroon
VIP Alumni

The VPN concentrator uses wildcard masks and not subnet masks like the ASA/PIX. Have a look at:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/administration/guide/dynfilt.html

Regards

Farrukh

I understand that, that's why I put 255.255.255.0 so that only the last octet is relevant (in this case, the .9). If I put 0.0.0.255, it will be 0.0.0.x

I really want x.x.x.9 to be permitted...
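
The wildcard-mask arithmetic discussed in this thread, as an added example that is not part of any poster's message. It assumes IOS-style wildcard semantics (a 1 bit means "ignore this bit"); the function names and sample addresses are constructed for illustration, and the thread does not establish why the 3020 rejected the mask.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS-style wildcard mask.

    Wildcard bits set to 1 are "don't care"; bits set to 0 must equal base.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def invert(mask):
    """Convert a subnet mask to its wildcard form, or the reverse."""
    return str(ipaddress.IPv4Address(~to_int(mask) & 0xFFFFFFFF))

def is_contiguous_wildcard(wildcard):
    """True if the wildcard is zeros followed by ones (inverse of a prefix mask).

    255.255.255.0 used as a wildcard is discontiguous: it ignores the first
    three octets and compares only the last one.
    """
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

if __name__ == "__main__":
    # Constructed sample destinations, checked against both rules from the thread.
    samples = ["10.1.2.9", "192.168.50.9", "10.1.2.10", "0.0.0.77"]
    rules = [("0.0.0.9", "255.255.255.0"), ("0.0.0.9", "0.0.0.255")]
    for base, wc in rules:
        print(f"rule {base} {wc} (contiguous wildcard: {is_contiguous_wildcard(wc)})")
        for s in samples:
            print(f"  {s:15} match={wildcard_match(s, base, wc)}")
```

Under these semantics `0.0.0.9 255.255.255.0` selects every address whose last octet is 9, while `0.0.0.9 0.0.0.255` selects 0.0.0.x, which is the distinction drawn in the last reply.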