Wild Card Question

deviantlifex Member Posts: 7
Not really an Access List question, but here's the scenario.

I have 2 networks with a VPN tunnel established between the two, but I'm worried about one side being able to access ALL of the hosts on a given network.

So what would be the wildcard mask if I only wanted one side to only access 3 specific hosts?

ex. Atlanta < - - - - - - - - - - - - - - > New York (10.0.10.0/24)
I only want Atlanta to be able to access 10.0.10.11-14 using one wildcard mask.

Not sure if this is possible but just wondering.

Thanks

Comments

  • Netstudent Member Posts: 1,693
    I don't think you can include those exact addresses in one inverse mask.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • bighornsheep Member Posts: 1,506
    From what I can figure out, I think you will need at least 3 statements to ONLY permit .11 through .14 and deny the rest.

    You will need a permit host 10.0.10.11, a deny host 10.0.10.15, then permit 10.0.10.0 0.0.0.3 which will allow .12 .13 .14
    Jack of all trades, master of none
  • NeonNoodle Member Posts: 92
    You've got four hosts .11, .12, .13 and .14, not three.
    You'll have to make one access-list for .11, one for .12-.13, and another for .14.

    Edit: Or you can do what bighornsheep, who beat me to the punch, suggested.
    I recognize the lion by his paw.
    --Jacob Bernoulli
  • dtlokee Member Posts: 2,378
    11-14 won't fit into a single line summary without including other addresses

    11 - 0000 1011
    12 - 0000 1100
    13 - 0000 1101
    14 - 0000 1110

    As you can see, they all match "0000 1xxx", yielding a WC mask of "0000 0111" (7), but this would include all the addresses from 8 - 15, not just the 11-14.

    The best you could do would be 3 lines,

    permit host 10.0.10.11
    deny host 10.0.10.15
    permit 10.0.10.12 0.0.0.3
    The only easy day was yesterday!
  • bighornsheep Member Posts: 1,506
    dtlokee wrote:
    The best you could do would be 3 lines,

    permit host 10.0.10.11
    deny host 10.0.10.15
    permit 10.0.10.12 0.0.0.3
    NeonNoodle wrote:
    Edit: Or you can do what bighornsheep, who beat me to the punch, suggested.

    hehehe...

    cheers~
    Jack of all trades, master of none
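
An added example, not code from any poster in this thread: a Python check of dtlokee's binary reasoning and of the two multi-line suggestions. It computes the tightest single address/wildcard pair for .11-.14, the permit-only split NeonNoodle describes, and the result of first-match evaluation of the three-line list. All function names are made up for this illustration, and "host X" is modelled as X with wildcard 0.0.0.0.

```python
import ipaddress

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def wc_match(addr, base, wildcard):
    """Wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & care) == 0

def tightest_single_entry(hosts):
    """Smallest single address/wildcard pair that matches every host given."""
    first = to_int(hosts[0])
    wildcard = 0
    for h in hosts[1:]:
        wildcard |= first ^ to_int(h)  # any differing bit becomes don't-care
    base = first & ~wildcard & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wildcard))

def exact_permit_entries(first, last):
    """Permit-only cover of first..last as aligned (address, wildcard) blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def evaluate(acl, addr):
    """First matching line wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wc_match(addr, base, wildcard):
            return action
    return "deny"

def permitted(acl, network="10.0.10.0/24"):
    return [str(a) for a in ipaddress.ip_network(network)
            if evaluate(acl, str(a)) == "permit"]

WANTED = ["10.0.10.11", "10.0.10.12", "10.0.10.13", "10.0.10.14"]

# The three-line list from the thread; the last line uses the thread's
# 10.0.10.0/24 network (10.0.10.12 with wildcard 0.0.0.3 matches .12-.15).
THREE_LINES = [
    ("permit", "10.0.10.11", "0.0.0.0"),
    ("deny",   "10.0.10.15", "0.0.0.0"),
    ("permit", "10.0.10.12", "0.0.0.3"),
]

if __name__ == "__main__":
    base, wc = tightest_single_entry(WANTED)
    print("single entry:", base, wc, "->", permitted([("permit", base, wc)]))
    print("permit-only :", exact_permit_entries(WANTED[0], WANTED[-1]))
    print("three lines :", permitted(THREE_LINES))
```

The deny for .15 only works because it sits above the 0.0.0.3 permit; with the two lines swapped, .15 is permitted before the deny is ever reached.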