Cisco Support Community
Community Member

ASA 5520 IP range block or Country IP block

Hi,

I need help with an ASA 5520. I would like to block countries' IP addresses from the attack. Is there any way to block a country's IP addresses or a range of IP addresses?

Thanks,

Rabih

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: ASA 5520 IP range block or Country IP block

Here is the URL to check what IP ranges the countries have:

http://www.find-ip-address.org/ip-country/

(NB: please scroll down to the bottom of the page, choose the country and hit "Submit").

Hope that helps.

Community Member

Re: ASA 5520 IP range block or Country IP block

You can get the country IP blocks from here: http://www.countryipblocks.net/country-blocks/19/

And then you can implement ACLs to block traffic coming in from these subnet ranges.

Thanks

Puneet

4 REPLIES
Community Member

Re: ASA 5520 IP range block or Country IP block

Can I allow just one country and kick the rest of the world out? As the USA has over 50.000 IPs, the list of denies will be huge.

Community Member

I've created a script where you choose an authority by selecting it in a menu and it'll give you the configuration to drop into the ASA.

https://github.com/in-transit/regional-asa

You can block or allow a specific region if you want. I'll be upgrading it to do specific countries but now it does authorities like ARIN, RIPE, APNIC, etc.
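The approach discussed in this thread (turn a downloaded list of country prefixes into an ASA ACL, either blocking the listed ranges or allowing only them) as an added example; it is not code from the regional-asa repository or from any poster. The object-group name `GEO_NETS`, the ACL name `OUTSIDE_IN` and the sample prefixes (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample of a CIDR-per-line block list (documentation ranges only).
SAMPLE_LIST = """\
# constructed sample, not real country data
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
192.0.2.0/24
not-a-prefix
2001:db8::/32
"""

def parse_blocks(text):
    """Return (collapsed IPv4 networks, skipped lines) from a CIDR-per-line list."""
    nets, skipped = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            skipped.append(line)      # malformed entry: report it, never guess
            continue
        if net.version != 4:
            skipped.append(line)      # this example emits IPv4 netmask syntax only
            continue
        nets.append(net)
    # Merging adjacent and overlapping prefixes keeps the object-group short.
    return list(ipaddress.collapse_addresses(nets)), skipped

def asa_config(nets, group="GEO_NETS", acl="OUTSIDE_IN", mode="block"):
    """Build ASA lines: mode 'block' denies the group, 'allow' permits only it."""
    if mode not in ("block", "allow"):
        raise ValueError("mode must be 'block' or 'allow'")
    lines = [f"object-group network {group}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in nets]
    if mode == "block":
        # ACEs match top-down: this deny must sit above the existing permits.
        lines.append(f"access-list {acl} extended deny ip object-group {group} any")
    else:
        # Narrow the permit to the published services before using it.
        lines.append(f"access-list {acl} extended permit ip object-group {group} any")
        lines.append(f"access-list {acl} extended deny ip any any")
    return lines

if __name__ == "__main__":
    networks, bad = parse_blocks(SAMPLE_LIST)
    print("\n".join(asa_config(networks)))
    print("skipped:", bad)
```

Review the skipped entries before pasting the output into the firewall, since a silently dropped prefix leaves a gap in the block list.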
