PIX Firewall commands let you use subnet masking for commands that accept network masks, including the aaa, alias, conduit, debug, global, ip address, linkpath, nat, outbound, route, static, telnet, and tunnel commands. This appendix lists information by subnet mask and identifies which masks are for networks, hosts, and broadcast addresses.
This topics in this appendix are:
The subnet masks are also identified by the number of bits in the mask. Table E-1 lists subnet masks by the number of bits in the network ID.
| Network ID Bits | Host ID Bits | Subnet | Example Notation | # of Subnets | # of Hosts on Each Subnet |
|---|---|---|---|---|---|
24 | 8 | .0 | 192.168.1.1/24 | 1 | 254 |
25 | 7 | .128 | 192.168.1.1/25 | 2 | 126 |
26 | 6 | .192 | 192.168.1.1/26 | 4 | 62 |
27 | 5 | .224 | 192.168.1.1/27 | 8 | 30 |
28 | 4 | .240 | 192.168.1.1/28 | 16 | 14 |
29 | 3 | .248 | 192.168.1.1/29 | 32 | 6 |
30 | 2 | .252 | 192.168.1.1/30 | 64 | 2 |
The .255 mask indicates a single host in a network.
Use subnet information to ensure that your host addresses are in the same subnet and that you are not accidentally using a network or broadcast address for a host.
Subnet mask information is especially valuable when you have disabled Network Address Translation (NAT) using the nat 0 command. PIX Firewall requires that IP addresses on each interface be in different subnets.
However all the hosts on a PIX Firewall interface between the PIX Firewall and the router must be in the same subnet as well. For example, if you have an address such as 204.31.17.0 and you are not using NAT, you could use the 255.255.255.192 subnet mask for all three interfaces and use addresses 204.31.17.1 through 204.31.17.62 for the outside interface, 204.31.17.65 through 204.31.17.126 for the perimeter interface, and 204.31.17.129 through 204.31.17.190 for the inside interface.
Another use for subnet mask information is for network planning when an Internet service provider (ISP) gives you a limited number of IP addresses and requires you to use a specific subnet mask. Use the information in this appendix to ensure that the outside addresses you choose are in the subnet for the appropriate subnet mask.
For example, if your ISP assigns you 204.31.17.176 with a subnet mask of .240, you can see in Table E-5, Subnet Number 12 for the .240 mask, that hosts can have IP addresses of 204.31.17.177 through 204.31.17.190. Because this only yields 14 hosts, you will probably use one for your router, another for the outside interface of the PIX Firewall, one for a static for a web server, if you have it, one for a static for your mail server, and the remaining 10 for global addresses. One of these addresses should be a PAT (Port Address Translation) address so that you do not run out of global addresses.
Table E-2 lists valid addresses for the .128 subnet mask. This mask permits up to 2 subnets with enough host addresses for 126 hosts per subnet.
| Subnet Number | Network Address | Starting Host Address | Ending Host Address | Broadcast Address |
|---|---|---|---|---|
1 | .0 | .1 | .126 | .127 |
2 | .128 | .129 | .254 | .255 |
Table E-3 lists valid addresses for the .192 subnet mask. This mask permits up to 4 subnets with enough host addresses for 62 hosts per subnet.
| Subnet Number | Network Address | Starting Host Address | Ending Host Address | Broadcast Address |
|---|---|---|---|---|
1 | .0 | .1 | .62 | .63 |
2 | .64 | .65 | .126 | .127 |
3 | .128 | .129 | .190 | .191 |
4 | .192 | .193 | .254 | .255 |
Table E-4 lists valid addresses for the .224 subnet mask. This mask permits up to 8 subnets with enough host addresses for 30 hosts per subnet.
| Subnet Number | Network Address | Starting Host Address | Ending Host Address | Broadcast Address |
|---|---|---|---|---|
1 | .0 | .1 | .30 | .31 |
2 | .32 | .33 | .62 | .63 |
3 | .64 | .65 | .94 | .95 |
4 | .96 | .97 | .126 | .127 |
5 | .128 | .129 | .158 | .159 |
6 | .160 | .161 | .190 | .191 |
7 | .192 | .193 | .222 | .223 |
8 | .224 | .225 | .254 | .255 |
Table E-5 lists valid addresses for the .240 subnet mask. This mask permits up to 16 subnets with enough host addresses for 14 hosts per subnet.
| Subnet Number | Network Address | Starting Host Address | Ending Host Address | Broadcast Address |
|---|---|---|---|---|
1 | .0 | .1 | .14 | .15 |
2 | .16 | .17 | .30 | .31 |
3 | .32 | .33 | .46 | .47 |
4 | .48 | .49 | .62 | .63 |
5 | .64 | .65 | .78 | .79 |
6 | .80 | .81 | .94 | .95 |
7 | .96 | .97 | .110 | .111 |
8 | .112 | .113 | .126 | .127 |
9 | .128 | .129 | .142 | .143 |
10 | .144 | .145 | .158 | .159 |
11 | .160 | .161 | .174 | .175 |
12 | .176 | .177 | .190 | .191 |
13 | .192 | .193 | .206 | .207 |
14 | .208 | .209 | .222 | .223 |
15 | .224 | .225 | .238 | .239 |
16 | .240 | .241 | .254 | .255 |
Table E-6 lists valid addresses for the .248 subnet mask. This mask permits up to 32 subnets with enough host addresses for 6 hosts per subnet.
| Subnet Number | Network Address | Starting Host Address | Ending Host Address | Broadcast Address |
|---|---|---|---|---|
1 | .0 | .1 | .6 | .7 |
2 | .8 | .9 | .14 | .15 |
3 | .16 | .17 | .22 | .23 |
4 | .24 | .25 | .30 | .31 |
5 | .32 | .33 | .38 | .39 |
6 | .40 | .41 | .46 | .47 |
7 | .48 | .49 | .54 | .55 |
8 | .56 | .57 | .62 | .63 |
9 | .64 | .65 | .70 | .71 |
10 | .72 | .73 | .78 | .79 |
11 | .80 | .81 | .86 | .87 |
12 | .88 | .89 | .94 | .95 |
13 | .96 | .97 | .102 | .103 |
14 | .104 | .105 | .110 | .111 |
15 | .112 | .113 | .118 | .119 |
16 | .120 | .121 | .126 | .127 |
17 | .128 | .129 | .134 | .135 |
18 | .136 | .137 | .142 | .143 |
19 | .144 | .145 | .150 | .151 |
20 | .152 | .153 | .158 | .159 |
21 | .160 | .161 | .166 | .167 |
22 | .168 | .169 | .174 | .175 |
23 | .176 | .177 | .182 | .183 |
24 | .184 | .185 | .190 | .191 |
25 | .192 | .193 | .198 | .199 |
26 | .200 | .201 | .206 | .207 |
27 | .208 | .209 | .214 | .215 |
28 | .216 | .217 | .222 | .223 |
29 | .224 | .225 | .230 | .231 |
30 | .232 | .233 | .238 | .239 |
31 | .240 | .241 | .246 | .247 |
32 | .248 | .249 | .254 | .255 |
Table E-7 lists valid addresses for the .252 subnet mask. This mask permits up to 64 subnets with enough host addresses for 2 hosts per subnet.
| Subnet Number | Network Address | Starting Host Address | Ending Host Address | Broadcast Address |
|---|---|---|---|---|
1 | .0 | .1 | .2 | .3 |
2 | .4 | .5 | .6 | .7 |
3 | .8 | .9 | .10 | .11 |
4 | .12 | .13 | .14 | .15 |
5 | .16 | .17 | .18 | .19 |
6 | .20 | .21 | .22 | .23 |
7 | .24 | .25 | .26 | .27 |
8 | .28 | .29 | .30 | .31 |
9 | .32 | .33 | .34 | .35 |
10 | .36 | .37 | .38 | .39 |
11 | .40 | .41 | .42 | .43 |
12 | .44 | .45 | .46 | .47 |
13 | .48 | .49 | .50 | .51 |
14 | .52 | .53 | .54 | .55 |
15 | .56 | .57 | .58 | .59 |
16 | .60 | .61 | .62 | .63 |
17 | .64 | .65 | .66 | .67 |
18 | .68 | .69 | .70 | .71 |
19 | .72 | .73 | .74 | .75 |
20 | .76 | .77 | .78 | .79 |
21 | .80 | .81 | .82 | .83 |
22 | .84 | .85 | .86 | .87 |
23 | .88 | .89 | .90 | .91 |
24 | .92 | .93 | .94 | .95 |
25 | .96 | .97 | .98 | .99 |
26 | .100 | .101 | .102 | .103 |
27 | .104 | .105 | .106 | .107 |
28 | .108 | .109 | .110 | .111 |
29 | .112 | .113 | .114 | .115 |
30 | .116 | .117 | .118 | .119 |
31 | .120 | .121 | .122 | .123 |
32 | .124 | .125 | .126 | .127 |
33 | .128 | .129 | .130 | .131 |
34 | .132 | .133 | .134 | .135 |
35 | .136 | .137 | .138 | .139 |
36 | .140 | .141 | .142 | .143 |
37 | .144 | .145 | .146 | .147 |
38 | .148 | .149 | .150 | .151 |
39 | .152 | .153 | .154 | .155 |
40 | .156 | .157 | .158 | .159 |
41 | .160 | .161 | .162 | .163 |
42 | .164 | .165 | .166 | .167 |
43 | .168 | .169 | .170 | .171 |
44 | .172 | .173 | .174 | .175 |
45 | .176 | .177 | .178 | .179 |
46 | .180 | .181 | .182 | .183 |
47 | .184 | .185 | .186 | .187 |
48 | .188 | .189 | .190 | .191 |
49 | .192 | .193 | .194 | .195 |
50 | .196 | .197 | .198 | .199 |
51 | .200 | .201 | .202 | .203 |
52 | .204 | .205 | .206 | .207 |
53 | .208 | .209 | .210 | .211 |
54 | .212 | .213 | .214 | .215 |
55 | .216 | .217 | .218 | .219 |
56 | .220 | .221 | .222 | .223 |
57 | .224 | .225 | .226 | .227 |
58 | .228 | .229 | .230 | .231 |
59 | .232 | .233 | .234 | .235 |
60 | .236 | .237 | .238 | .239 |
61 | .240 | .241 | .242 | .243 |
62 | .244 | .245 | .246 | .247 |
63 | .248 | .249 | .250 | .251 |
64 | .252 | .253 | .254 | .255 |