10-31-2014 09:00 AM
Hello all,
Can anybody explain one thing to me, please? I have a VPN on a Cisco router and I want 7 host IPs to be able to communicate through the VPN. I have this ACL:
10 permit ip 10.1.1.0 0.0.0.7 host 192.168.1.57
What I am wondering is whether the broadcast IP 10.1.1.7 can be represented by a host IP?
10-31-2014 12:58 PM
It can.
Address sets in ACLs have similarities in notation to subnets and subnet masks, but they really aren't the same.
If we were talking about a subnet of 10.1.1.0/29 (255.255.255.248) then you would only have six hosts available on the network: 10.1.1.1-6.
Because we're talking about an ACL, it doesn't really care about subnetting rules. It's just defining anything in the range of 10.1.1.0-7.
So, if your network is 10.1.1.0/24 (255.255.255.0) but you only want the first seven hosts on that network to be able to cross your VPN, that ACL will do the job perfectly because the ACL doesn't consider the 10.1.1.7 address (or any other, for that matter) to be anything special.
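An added example, not part of the original thread: a Python sketch of the bitwise wildcard match the answer describes, compared against the usable hosts of a 10.1.1.0/29 subnet. The function names are hypothetical, and the addresses are the ones from the question.

```python
import ipaddress

def acl_matches(address, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard are ignored,
    bits set to 0 must equal the same bits of the ACL base address."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # the bits the ACL entry actually compares
    return (a & care) == (b & care)

def matched_in(network, base, wildcard):
    """Every address of `network` (not only usable hosts) matched by the entry."""
    return [str(ip) for ip in ipaddress.ip_network(network)
            if acl_matches(str(ip), base, wildcard)]

def usable_hosts(network):
    """Host addresses under subnetting rules (network/broadcast excluded)."""
    return [str(ip) for ip in ipaddress.ip_network(network).hosts()]

def matched_but_not_subnet_hosts(network, base, wildcard, subnet):
    """Addresses the ACL matches that a subnet reading would not treat as hosts."""
    hosts = set(usable_hosts(subnet))
    return [ip for ip in matched_in(network, base, wildcard) if ip not in hosts]

if __name__ == "__main__":
    # ACL source from the question, evaluated against a 10.1.1.0/24 LAN.
    print("ACL matches:      ", matched_in("10.1.1.0/24", "10.1.1.0", "0.0.0.7"))
    print("/29 usable hosts: ", usable_hosts("10.1.1.0/29"))
    print("ACL-only addresses:", matched_but_not_subnet_hosts(
        "10.1.1.0/24", "10.1.1.0", "0.0.0.7", "10.1.1.0/29"))
```

On a /24 LAN, 10.1.1.7 is an ordinary host address, and the entry matches it the same way it matches 10.1.1.1 through 10.1.1.6.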
11-02-2014 12:16 PM
Great, thank you Jody, I thought the same, but needed to confirm :)