ASA 5520 IP range block or Country IP block

Answered Question
Sep 24th, 2010
User Badges:

hi,


i need help on ASA 5520 and i would like to block countries IP address from the attack, there is any way to block countries ip address or range ip address .



Thanks,

Rabih

Correct Answer by puseth about 6 years 9 months ago

You can get the country ip blocks from here:-http://www.countryipblocks.net/country-blocks/19/


And then you can implement ACL's to block traffic coming in from these subnet range's.


Thanks

Puneet

Correct Answer by Jennifer Halim about 6 years 9 months ago

Here is the URL on how to check what IP Range the countries has:

http://www.find-ip-address.org/ip-country/


(NB: pls scroll down to the bottom of the page, choose the country and hit "Submit").


Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
jdarnellacsmi Tue, 10/07/2014 - 06:48
User Badges:

I've created a script where you chose an authority by selecting in a menu and it'll give you the configuration to drop into the ASA. 

https://github.com/in-transit/regional-asa

You can block or allow a specific region if you want. I'll be upgrading it to do specific countries but now it does authorities like ARIN, RIPE, APNIC, etc.

Actions

This Discussion