Admitting IP address ranges

stevebone · Sep 11, 2003

I was wondering if anyone knew if I could allow ranges of IP address through a PIX firewall without having to input an individual command for each one?

routerman · Sep 11, 2003

Yes you can, by using the netmask. So long as the IP addresses are contiguous and fall on subnet bit boundaries then the task is quite easy.

stevebone · Sep 11, 2003

Thanks, that would be good if I wanted the entire address ramge coming in, but what if I wanted only 15 or 20 address that are contiguous coming in? For example,
I wanted 195.106.136.200 -> 224 coming in and not the entire 195.106.136.0 address range.

themut · Sep 11, 2003

Unfortunately you would need to enter them one by one.

stevebone · Sep 11, 2003

Thanks guys

routerman · Sep 11, 2003

In that example I'd use 2 lines:

access-list test permit ip any 195.106.1.200 255.255.255.248
access-list test permit ip any 195.106.1.208 255.255.255.240

The first line covers (last octet) .200 to .207, the second .208 to .224.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Admitting IP address ranges

stevebone

IS-IT--Management

routerman

Technical User

stevebone

IS-IT--Management

themut

Technical User

stevebone

IS-IT--Management

routerman

Technical User

Similar threads

Part and Inventory Search

Sponsor