06-17-2008 11:48 AM
Hi everyone, here's a basic question for you. I'm trying to make an ACL that would allow traffic to IPs that end with a .9
Here's what I put in the ACL: permit ip any 0.0.0.9 255.255.255.0
This is an ACL that's used with Cisco ACS when clients connect to our 3020 VPN concentrator. Checking the 3020 logs, I see this message once I try to connect:
9664 06/17/2008 13:34:51.840 SEV=4 FILTERDBG/39 RPT=4
Error parsing destination mask: 255.255.255.0, in rule (permit ip any 0.0.0.9 255.255.255.0).
Tearing down tunnel.
Is there something I'm doing wrong with the mask? I've seen this used in an ACL on one of our routers and it's working fine. Is it a 3020 thing? If so, what can I do to permit access to x.x.x.9 only?
Thanks in advance,
Chris
06-18-2008 11:20 AM
The VPN concentrator uses wild-card masks and not subnet-masks like the ASA/PIX, have a look at:
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/administration/guide/dynfilt.html
Regards
Farrukh
06-19-2008 03:28 AM
I understand that; that's why I put 255.255.255.0, so that only the last octet is relevant (in this case, the .9). If I put 0.0.0.255, it will be 0.0.0.x
I really want x.x.x.9 to be permitted...
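As an added example (not part of the thread or of any Cisco code), a small Python matcher that shows the two readings of the entry `0.0.0.9 255.255.255.0`: read as address/wildcard it matches any x.x.x.9, read as address/subnet-mask it would only cover 0.0.0.0/24, and `0.0.0.9 0.0.0.255` gives 0.0.0.x as Chris notes. The contiguity check is an added observation: 255.255.255.0 as a wildcard is not the inverse of any subnet mask, so a parser that expects subnet-mask semantics has nothing to convert it to.

```python
"""Cisco-style ACL mask semantics, worked on the thread's example entry."""
import ipaddress


def ip_to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def matches_wildcard(candidate: str, address: str, wildcard: str) -> bool:
    """Wildcard reading: a 1 bit in the mask means 'don't care', a 0 bit means
    the candidate bit must equal the address bit (IOS ACL / VPN 3000 style)."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(candidate) & care) == (ip_to_int(address) & care)


def matches_subnet(candidate: str, address: str, netmask: str) -> bool:
    """Subnet-mask reading: a 1 bit means the bit must match (ASA/PIX style)."""
    mask = ip_to_int(netmask)
    return (ip_to_int(candidate) & mask) == (ip_to_int(address) & mask)


def is_contiguous_wildcard(wildcard: str) -> bool:
    """True if the wildcard is a run of 0 bits followed by 1 bits, i.e. the
    bitwise inverse of a valid subnet mask. Such a wildcard (and only such a
    wildcard) can be rewritten as a subnet mask. 255.255.255.0 is not one."""
    w = ip_to_int(wildcard)
    return ((w + 1) & w) == 0


def describe_entry(address: str, mask: str) -> dict:
    """Summarise how one ACL entry behaves under both interpretations,
    using constructed sample destinations."""
    samples = ["10.1.2.9", "10.1.2.10", "192.168.5.9", "0.0.0.77"]
    return {
        "wildcard_matches": [s for s in samples if matches_wildcard(s, address, mask)],
        "subnet_matches": [s for s in samples if matches_subnet(s, address, mask)],
        "contiguous_wildcard": is_contiguous_wildcard(mask),
    }


if __name__ == "__main__":
    # The thread's entry: permits x.x.x.9 as a wildcard, only 0.0.0.0/24 as a subnet mask.
    print(describe_entry("0.0.0.9", "255.255.255.0"))
    # Chris's alternative: matches only 0.0.0.x as a wildcard.
    print(describe_entry("0.0.0.9", "0.0.0.255"))
```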