Access-List Subnetted?

Status
Not open for further replies.

TechJimF

Technical User
Dec 21, 2004
196
US
I am trying to set up an ASA5510 as an EasyVPN server for ASA 5505s as EasyVPN clients. To make things simple I am taking the network 10.150.150.0/24 then subnetting it into 32 /29 networks for the 5505s. I keep one routing statement to find these networks through the 5510. Will this also work on the 5510 for access lists (nat zero command and group policy networks to pass through the tunnel)?

Code:
access-list LISTNAME extended permit object-group NETWORKLIST 10.150.150.0 255.255.255.0

Or do I have to create a separate access list for each 10.150.150.0/29 network?

Code:
access-list LISTNAME extended permit object-group NETWORKLIST 10.150.150.0 255.255.255.248
access-list LISTNAME extended permit object-group NETWORKLIST 10.150.150.8 255.255.255.248
              .
              .
              .
              .
access-list LISTNAME extended permit object-group NETWORKLIST 10.150.150.248 255.255.255.248

Thanks in advance,

Jim
 
Yes, that will work for the nat exemption. For the crypto map statements you will need separate ACLs to match the different peer addresses.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Brent,

When you say peer addresses, are you referring to the remote side and the private IP or the public? The public IP on the remote side will be DHCP; how do I handle that?

Thanks,

Jim
 
Sorry, missed the ezvpn server part.

You should be set.


Brent
Systems Engineer / Consultant
CCNP, CCSP
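
Added example, not part of the thread: a Python check that the single /24 entry from the question matches exactly the same addresses as the 32 per-site /29 entries, and that flags any client subnet an ACL would miss. The helper names are hypothetical, the entry lines are constructed from the question's LISTNAME/NETWORKLIST placeholders, and the parser assumes each line ends in an `<address> <mask>` pair.

```python
import ipaddress

def ace_network(line):
    """Parse the trailing '<address> <mask>' pair of an ACL entry into a network."""
    addr, mask = line.split()[-2:]
    # strict parsing: raises ValueError if the address has host bits set for that mask
    return ipaddress.ip_network(f"{addr}/{mask}")

def same_coverage(aces_a, aces_b):
    """True when both lists of entries match exactly the same set of addresses."""
    a = list(ipaddress.collapse_addresses(ace_network(l) for l in aces_a))
    b = list(ipaddress.collapse_addresses(ace_network(l) for l in aces_b))
    return a == b

def uncovered(aces, subnets):
    """Return the client subnets that are not fully inside any entry's network."""
    nets = [ace_network(l) for l in aces]
    return [s for s in subnets if not any(s.subnet_of(n) for n in nets)]

# Constructed input following the addressing plan in the question.
PREFIX = "access-list LISTNAME extended permit object-group NETWORKLIST"
SUMMARY = [f"{PREFIX} 10.150.150.0 255.255.255.0"]
CLIENTS = list(ipaddress.ip_network("10.150.150.0/24").subnets(new_prefix=29))
PER_SITE = [f"{PREFIX} {n.network_address} {n.netmask}" for n in CLIENTS]

if __name__ == "__main__":
    print(len(PER_SITE), "per-site entries")
    print("same coverage:", same_coverage(SUMMARY, PER_SITE))
    print("uncovered by the /24 entry:", uncovered(SUMMARY, CLIENTS))
    stray = [ipaddress.ip_network("10.150.151.0/29")]  # constructed out-of-plan subnet
    print("out-of-plan subnet:", uncovered(SUMMARY, stray))
```

Because the 32 /29 blocks fill the /24 completely, the summary entry permits nothing beyond what the per-site list would; a plan that left part of the /24 unassigned would make the summary entry broader than the per-site list.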
 