cisco pix default netmask

Hi!

I have a question, to which I couldn't find an answer by searching
google and cisco docs.

Let's say I insert a following command in cisco pix cli:

name 10.1.0.0 test-network

What is the default netmask given by pix for this network, if any? Do I
have to speficy a netmask with a different command, before using this
object in an acl, for example?

The PIX version is 6.3, if it matters.

Thanks!

 

There is no netmask with names. The name command substitutes the IP address
with a name regardless of the context, the address is used.

 

It doesn't, you still need to specify it.
test-network 255.0.0.0 would be 10.X.X.X
test-network 255.255.0.0 would be 10.1.X.X
test-network 255.255.255.0 would be 10.1.0.X
test-network 255.255.255.255 would be host 10.1.0.0

 

Hi!

Thanks for the reply.

Yes, I understand this is like an alias.
However, if I use test-network in an acl, like this:

access-list inside_access_in permit tcp test-network any eq ssh

How will the firewall interpret the 'test-network' object in this case:
1. 10.1.0.0/16
2. 10.1.0.0/24
3. Some other way(?)

 

Thanks!

I got it now. Tried to use it without netmask and got an error.

Dilemma solved!

 

The response will be
Illegal command: access-list inside_access_in permit tcp 10.1.0.0 any eq ssh
^
If you want to do this right, please use:

name 10.1.0.0 test-network
name 255.255.255.248 slash-29
access-list inside_access permit tcp test-network slash-29 any eq ssh