cisco pix default netmask

 
 
dima.kagan@gmail.com
      11-06-2006
Hi!

I have a question, to which I couldn't find an answer by searching
google and cisco docs.

Let's say I insert the following command in cisco pix cli:

name 10.1.0.0 test-network

What is the default netmask given by pix for this network, if any? Do I
have to specify a netmask with a different command, before using this
object in an acl, for example?

The PIX version is 6.3, if it matters.

Thanks!

 
Lutz Donnerhacke
      11-06-2006
* (E-Mail Removed) wrote:
> name 10.1.0.0 test-network
>
> What is the default netmask given by pix for this network, if any?


There is no netmask with names. The name command substitutes the IP address
with a name regardless of the context the address is used in.
 
Brian V
      11-06-2006

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Hi!
>
> I have a question, to which I couldn't find an answer by searching
> google and cisco docs.
>
> Let's say I insert the following command in cisco pix cli:
>
> name 10.1.0.0 test-network
>
> What is the default netmask given by pix for this network, if any? Do I
> have to specify a netmask with a different command, before using this
> object in an acl, for example?
>
> The PIX version is 6.3, if it matters.
>
> Thanks!
>


It doesn't, you still need to specify it.
test-network 255.0.0.0 would be 10.X.X.X
test-network 255.255.0.0 would be 10.1.X.X
test-network 255.255.255.0 would be 10.1.0.X
test-network 255.255.255.255 would be host 10.1.0.0


dima.kagan@gmail.com
      11-06-2006
Hi!

Thanks for the reply.

Yes, I understand this is like an alias.
However, if I use test-network in an acl, like this:

access-list inside_access_in permit tcp test-network any eq ssh

How will the firewall interpret the 'test-network' object in this case:
1. 10.1.0.0/16
2. 10.1.0.0/24
3. Some other way(?)

Lutz Donnerhacke wrote:
> * (E-Mail Removed) wrote:
> > name 10.1.0.0 test-network
> >
> > What is the default netmask given by pix for this network, if any?

>
> There is no netmask with names. The name command substitutes the IP address
> with a name regardless of the context the address is used in.


dima.kagan@gmail.com
      11-06-2006
Thanks!

I got it now. Tried to use it without netmask and got an error.

Dilemma solved!

Brian V wrote:
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > Hi!
> >
> > I have a question, to which I couldn't find an answer by searching
> > google and cisco docs.
> >
> > Let's say I insert the following command in cisco pix cli:
> >
> > name 10.1.0.0 test-network
> >
> > What is the default netmask given by pix for this network, if any? Do I
> > have to specify a netmask with a different command, before using this
> > object in an acl, for example?
> >
> > The PIX version is 6.3, if it matters.
> >
> > Thanks!
> >

>
> It doesn't, you still need to specify it.
> test-network 255.0.0.0 would be 10.X.X.X
> test-network 255.255.0.0 would be 10.1.X.X
> test-network 255.255.255.0 would be 10.1.0.X
> test-network 255.255.255.255 would be host 10.1.0.0


Lutz Donnerhacke
      11-06-2006
* (E-Mail Removed) wrote:
> However, if I use test-network in an acl, like this:
> access-list inside_access_in permit tcp test-network any eq ssh
> How will the firewall interpret the 'test-network' object in this case?


The response will be
Illegal command: access-list inside_access_in permit tcp 10.1.0.0 any eq ssh
^
If you want to do this right, please use:

name 10.1.0.0 test-network
name 255.255.255.248 slash-29
access-list inside_access permit tcp test-network slash-29 any eq ssh
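
Added example, not part of any post in the thread: a small Python check that expands `name` aliases as plain text substitution, the way the replies describe, and then reports which network each access-list line covers or that an address has no netmask. It assumes a simplified grammar (`access-list <id> permit|deny <protocol> <source> <destination>`, each side written as `any`, `host A` or `A MASK`, with an optional port operator); the function names are hypothetical and the sample config is constructed from the commands quoted above.

```python
import ipaddress

# Constructed sample config, assembled from the commands quoted in the thread.
CONFIG = """\
name 10.1.0.0 test-network
name 255.255.255.248 slash-29
access-list inside_access_in permit tcp test-network any eq ssh
access-list inside_access permit tcp test-network slash-29 any eq ssh
"""

def parse_names(config):
    """Map each alias from a `name <ip> <alias>` line to its address text."""
    rows = (l.split() for l in config.splitlines())
    return {r[2]: r[1] for r in rows if len(r) >= 3 and r[0] == "name"}

def read_spec(toks, i):
    """Read `any`, `host A` or `A MASK` at toks[i]; return (network, next index)."""
    spec = toks[i:i + 2]
    if spec[:1] == ["any"]:
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if len(spec) == 2 and spec[0] == "host":
        return ipaddress.ip_network(spec[1] + "/32"), i + 2
    try:
        ipaddress.IPv4Address(spec[1])  # the mask must be a dotted quad
    except (IndexError, ValueError):
        raise ValueError("no netmask after address: " + " ".join(spec[:1])) from None
    return ipaddress.ip_network("/".join(spec), strict=False), i + 2

def audit_acl(line, names):
    """Expand aliases textually, then resolve the source and destination networks."""
    toks = [names.get(t, t) for t in line.split()]
    i, nets = 4, []  # skip: access-list <id> permit|deny <protocol>
    for _ in range(2):
        net, i = read_spec(toks, i)
        nets.append(net)
        if i < len(toks) and toks[i] in ("eq", "lt", "gt", "neq"):
            i += 2  # skip a port operator and its argument
    return tuple(nets)

def audit_config(config):
    """Return (line, networks or error text) for every access-list line."""
    names, report = parse_names(config), []
    for line in config.splitlines():
        if line.startswith("access-list "):
            try:
                report.append((line, audit_acl(line, names)))
            except ValueError as err:
                report.append((line, str(err)))
    return report
```

Calling `audit_config(CONFIG)` flags the first access-list line as missing a netmask and resolves the second to source 10.1.0.0/29.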