[c-nsp] access list question with PPTP

Andrey A. Ryazanov sg at di-net.ru
Mon May 16 18:58:54 EDT 2005


In contrast to netmasks, which do not permit mixing 0's and 1's, Cisco's wildcards permit 
such.

E.g. 0.0.0.10 (binary 00000000.00000000.00000000.00001010) matches ranges with 2nd and 4th 
bits (counting right to left) varying.

Your access list 7 will match 172.17.100.2/32, 172.17.100.8/32, 172.17.100.10/32, 
172.17.8.2/32, 172.17.8.8/32, 172.17.8.10/32 and 172.17.20.0/24.

Andrey Ryazanov
Network Operations Center
Digital Network JSC
+7 095 723 8332 ext. 203

---------- Original Message -----------
From: Joseph Jackson <JJackson at nos.com>
To: cisco-nsp at puck.nether.net
Sent: Mon, 16 May 2005 09:22:49 -0700
Subject: [c-nsp] access list question with PPTP 

> All,
> 
> On setting up a remote site the local network engineer has
> created this config. We are unable to PPTP to the RAS server.  A couple
> of questions: what does the 0.0.0.10 do?  That's not a valid inverse netmask
> that I know of.  I told him to remove all the access-lists 7 and just do
> access-list 7 permit ip any any, yet we are still unable to connect to the
> network.  Any help would be great.
> 
> !
> interface FastEthernet0/0
>  description LAN
>  bandwidth 100000
>  ip address 172.17.4.1 255.255.0.0
>  no ip directed-broadcast
>  ip nat inside
>  no ip route-cache
>  no ip mroute-cache
>  speed auto
>  full-duplex
> !
> interface Serial0/0
>  description Interface internet link
>  bandwidth 2048
>  ip address xxx.xxx.xxx.xxx 255.255.255.240 secondary
>  ip address xxx.xxx.xxx.xxx 255.255.255.252
>  no ip directed-broadcast
>  ip nat outside
>  no fair-queue
> !
> ip nat pool no-overload xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx prefix-length 28
> ip nat inside source list 7 pool no-overload
> ip nat inside source static tcp 172.17.8.11 1723 xxx.xxx.xxx.xxx 1723 extendable
> ip classless
> ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
> no ip http server
> !
> access-list 7 permit 172.17.100.0 0.0.0.10
> access-list 7 permit 172.17.8.0 0.0.0.10
> access-list 7 permit 172.17.20.0 0.0.0.255
> 
------- End of Original Message -------
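
The wildcard matching described in the reply, as an added example that is not part of the original thread: it parses the three access-list 7 entries quoted above, tests addresses against them, and enumerates every address each entry matches (the base address itself included). The function names are illustrative, not from any Cisco tool.

```python
import ipaddress

# The three entries exactly as quoted in the original message.
ACL7 = [
    "access-list 7 permit 172.17.100.0 0.0.0.10",
    "access-list 7 permit 172.17.8.0 0.0.0.10",
    "access-list 7 permit 172.17.20.0 0.0.0.255",
]

def parse_entry(line):
    """Parse 'access-list N permit ADDR WILDCARD' into (addr, wildcard) ints."""
    parts = line.split()
    return (int(ipaddress.IPv4Address(parts[3])),
            int(ipaddress.IPv4Address(parts[4])))

def matches(ip, base, wildcard):
    """Wildcard 1-bits are 'don't care'; every other bit must equal the base."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def is_contiguous(wildcard):
    """True when the wildcard is a plain inverted netmask (ones in low bits only)."""
    return wildcard & (wildcard + 1) == 0

def expand(base, wildcard, max_bits=16):
    """List every address matched by base/wildcard: 2**k for k wildcard bits."""
    bits = [1 << i for i in range(32) if wildcard >> i & 1]
    if len(bits) > max_bits:
        raise ValueError("too many wildcard bits to enumerate")
    fixed = base & ~wildcard & 0xFFFFFFFF
    out = []
    for n in range(1 << len(bits)):
        value = fixed
        for j, bit in enumerate(bits):
            if n >> j & 1:          # set the j-th free bit for this combination
                value |= bit
        out.append(str(ipaddress.IPv4Address(value)))
    return out                      # ascending, since bits are taken low to high

if __name__ == "__main__":
    for line in ACL7:
        base, wild = parse_entry(line)
        hosts = expand(base, wild)
        kind = "contiguous" if is_contiguous(wild) else "non-contiguous"
        shown = ", ".join(hosts) if len(hosts) <= 8 else f"{hosts[0]} .. {hosts[-1]}"
        print(f"{line}\n  {kind}, {len(hosts)} addresses: {shown}")
```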


