I have a customer that wants to restrict inbound access from the internet to their webservers to only North American traffic. They have indicated that they have a list of 40,000 IPs that they want to explicitly allow. They would like this restricted access to be provided by the ASA. The IPs are not contiguous. I can't see how this could possibly be done via access-lists that would not kill the box. Any suggestions?
Thanks in advance.