ASA 5520 IP range block or Country IP block

Answered Question
Sep 24th, 2010

hi,

i need help on ASA 5520 and i would like to block countries IP address from the attack, there is any way to block countries ip address or range ip address .

Thanks,

Rabih

I have this problem too.
0 votes
Correct Answer by puseth about 6 years 2 months ago

You can get the country ip blocks from here:-http://www.countryipblocks.net/country-blocks/19/

And then you can implement ACL's to block traffic coming in from these subnet range's.

Thanks

Puneet

Correct Answer by Jennifer Halim about 6 years 2 months ago

Here is the URL on how to check what IP Range the countries has:

http://www.find-ip-address.org/ip-country/

(NB: pls scroll down to the bottom of the page, choose the country and hit "Submit").

Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
jdarnellacsmi Tue, 10/07/2014 - 06:48

I've created a script where you chose an authority by selecting in a menu and it'll give you the configuration to drop into the ASA. 

https://github.com/in-transit/regional-asa

You can block or allow a specific region if you want. I'll be upgrading it to do specific countries but now it does authorities like ARIN, RIPE, APNIC, etc.

Actions

This Discussion