Thanks Craig, I'll recheck and get someone else to review in case I've got jaded eyes. There's are a pair of ASA's on the perimeter but they shouldn't be touching anything going from the vm guest network to the prod servers. Will recheck them as well though. Andrew McBeath

On 9/09/2015, at 12:04 am, Craig Whitmore wrote:

In cisco talk this would be below. (don't people love reverse subnet masks on ciscos)

access-list 1 permit ip 192.168.10.1 0.0.0.254 # Odd Addresses access-list 2 permit ip 192.168.10.0 0.0.0.254 # Even Addresses

-----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Craig Whitmore Sent: Wednesday, 9 September 2015 12:01 a.m. To: 'Andrew McBeath'; nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Appeal to bigger brains

➢ VMWare machine (Only one so far – on 10.10.10.0 network - can ping host, can ping external firewall, CAN ONLY PING ODD OR EVEN NUMBERED IP’s DEPENDING ON WETHER IT HAS AN > ➢ ODD\EVEN IP) ie if its forth octet is .125 it can ping .1, .3, .5 but if I change it to .126 it can only ping .2, .4, .6

Sounds like you have an access list /firewalling with .1 instead of .0 (ie 255.255.255.1)

term odd_only { from { source-address { 10.10.10.1/255.255.255.1; } } }

Or

term even_only { from { source-address { 10.10.10.0/255.255.255.1; } } }

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog