Wild Card Question
deviantlifex
Member Posts: 7
in CCNA & CCENT
Not really an Access List question, but here's the scenario.
I have two networks with a VPN tunnel established between the two, but I'm worried about one side being able to access ALL of the hosts on a given network.
So what would be the wildcard mask if I only wanted one side to only access 3 specific hosts?
ex. Atlanta < - - - - - - - - - - - - - - > New York
<
> 10.0.10.0/24
I only want Atlanta to be able to access 10.0.10.11-14 using one wildcard mask.
Not sure if this is possible but just wondering.
Thanks
Comments
-
Netstudent Member Posts: 1,693
I don't think you can include those exact addresses in one inverse mask.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
bighornsheep Member Posts: 1,506
From what I can figure out, I think you will need at least 3 statements to ONLY permit .11 through .14 and deny the rest.
You will need a permit host 10.0.10.11, a deny host 10.0.10.15, then permit 10.0.10.0 0.0.0.3 which will allow .12 .13 .14
Jack of all trades, master of none
-
NeonNoodle Member Posts: 92
You've got four hosts .11, .12, .13 and .14, not three.
You'll have to make one access-list for .11, one for .12-.13, and another for .14.
Edit: Or you can do what bighornsheep, who beat me to the punch, suggested.
I recognize the lion by his paw.
--Jacob Bernoulli
-
dtlokee Member Posts: 2,378
11-14 won't fit into a single line summary without including other addresses
11 - 0000 1011
12 - 0000 1100
13 - 0000 1101
14 - 0000 1110
As you can see they all match "0000 1xxx", yielding a WC mask of "0000 0111" (7), but this would include all the addresses from 8 - 15, not just the 11-14.
The best you could do would be 3 lines,
permit host 10.0.10.11
deny host 10.0.10.15
permit 10.0.10.12 0.0.0.3
The only easy day was yesterday!
-
bighornsheep Member Posts: 1,506
dtlokee wrote:
The best you could do would be 3 lines,
permit host 10.0.10.11
deny host 10.0.10.15
permit 10.0.10.12 0.0.0.3
NeonNoodle wrote:
Edit: Or you can do what bighornsheep, who beat me to the punch, suggested.
hehehe...
cheers~
Jack of all trades, master of none
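
The binary breakdown and the three-line list in the replies above can be checked mechanically. The following is an added example, not code posted by anyone in the thread: it computes the smallest single wildcard entry covering 10.0.10.11 through 10.0.10.14 and evaluates the three-line list with first-match, implicit-deny semantics. The function names are illustrative, and the third entry is written against the 10.0.10.0/24 network from the question.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set in the wildcard are "don't care" bits."""
    w = to_int(wildcard)
    return (to_int(addr) | w) == (to_int(base) | w)

def smallest_single_mask(first, last):
    """Smallest single wildcard entry (base, wildcard) covering first..last.

    A continuous range always contains the pair m-1 and m that straddles the
    highest differing bit, so every bit at or below it must be "don't care".
    """
    lo, hi = to_int(first), to_int(last)
    w = (1 << (lo ^ hi).bit_length()) - 1
    base = lo & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(w))

def evaluate(acl, addr):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"

def permitted_hosts(acl, network):
    """Every host address in the network that the list permits."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if evaluate(acl, str(h)) == "permit"]

# Three-line list from the thread; "host X" is X with wildcard 0.0.0.0.
THREE_LINE_ACL = [
    ("permit", "10.0.10.11", "0.0.0.0"),
    ("deny",   "10.0.10.15", "0.0.0.0"),
    ("permit", "10.0.10.12", "0.0.0.3"),
]

if __name__ == "__main__":
    base, wc = smallest_single_mask("10.0.10.11", "10.0.10.14")
    single = [("permit", base, wc)]
    print("single entry :", base, wc)
    print("  permits    :", permitted_hosts(single, "10.0.10.0/24"))
    print("three entries:", permitted_hosts(THREE_LINE_ACL, "10.0.10.0/24"))
```

Running the same `permitted_hosts` check against any proposed list before applying it shows exactly which addresses on the far side of the tunnel become reachable.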