Wild Card Question

Not really an Access List question ubt here;s the scenario.

I have a 2 networks with a VPN tunnel established between the two, but I'm worried about one side being able to access ALL of the hosts on a given network.

So what would be the wildcard mask oif I only wanted one side to only access 3 specific hosts.

ex. Atlanta < - - - - - - - - - - - - - - > New York
<

> 10.0.10.0/24
I only want atlanta to be able to access 10.0.10.11-14 using one wild card mask.

Not sure if this is possible but just wondering.

Thanks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Netstudent

I don;t think you can include those exact adresses in one inverse mask.

bighornsheep

From what I can figure out, I think you will need at least 3 statements to ONLY permit .11 thourgh .14 and deny rest.

You will need a permit host 10.0.10.11, a deny host 10.0.10.15, then permit 10.0.10.0 0.0.0.3 which will allow .12 .13 .14

NeonNoodle

You've got four hosts .11, .12, .13 and .14, not three.
You'll have to make one access-list for .11, one for .12-.13, and another for .14.

Edit: Or you can do what bighornsheep, who beat me to the punch, suggested.

dtlokee

11-14 won't fit into a single line summary without including other addresses

11 - 0000 1011
12 - 0000 1100
13 - 0000 1101
14 - 0000 1110

as you can see they all match "0000 1xxx" yeilding a WC mask of "0000 0111" (7), but this would include all the addresses from 8 - 15, not just the 11-14.

The best you could do would be 3 lines,

permit host 10.0.10.11
deny host 10.0.10.15
permit 10.0.0.12 0.0.0.3

bighornsheep

dtlokee wrote:

The best you could do would be 3 lines,

permit host 10.0.10.11
deny host 10.0.10.15
permit 10.0.0.12 0.0.0.3

NeonNoodle wrote:

Edit: Or you can do what bighornsheep, who beat me to the punch, suggested.

hehehe...

cheers~