Cisco Support Community
Block country range of IP

Hi,

I have an ASA 5510 device. I have been asked to block the IP range for India from accessing a set of servers.

Total subnets: 34,675,968

I really don't want to create a two mile long access list with all these subnets.

Is there an easier way of configuring this?

Thank you all. This forum is really awesome.

regards,

2 REPLIES

Block country range of IP

I don't think there is any automated way to do it; however, under an object group you will have to call all the subnets if the ACL is too long, and if some kind of DoS attack is there it will also impact performance. Hence, instead of blocking, you should focus on what applications/ports are getting exposed to the outside.

Thanks

Ajay
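
An added example, not part of the original posts: one way to shorten the list before it goes into the object group mentioned above is to merge adjacent and overlapping prefixes first, then generate the `object-group network` entries. The prefixes below are constructed documentation ranges, and the names `BLOCKED_COUNTRY`, `PROTECTED_SERVERS` and `OUTSIDE_IN` are assumptions.

```python
import ipaddress

# Constructed sample input: documentation-range prefixes standing in for a
# country allocation list (one CIDR per line, as most published lists are).
SAMPLE_PREFIXES = """
198.51.100.0/25
198.51.100.128/25
203.0.113.0/26
203.0.113.64/26
203.0.113.128/25
192.0.2.16/28
192.0.2.20/30
# comment lines and blanks are ignored
"""

def parse_prefixes(text):
    """Return IPv4 networks from one-CIDR-per-line text, skipping comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=True rejects entries with host bits set (e.g. 10.0.0.1/24)
        nets.append(ipaddress.IPv4Network(line, strict=True))
    return nets

def aggregate(nets):
    """Merge adjacent and overlapping prefixes into the fewest CIDR blocks."""
    return list(ipaddress.collapse_addresses(nets))

def asa_config(nets, group="BLOCKED_COUNTRY", servers="PROTECTED_SERVERS",
               acl="OUTSIDE_IN"):
    """Emit ASA object-group lines plus one deny ACE referencing the group."""
    lines = [f"object-group network {group}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in nets]
    lines.append(f"access-list {acl} extended deny ip "
                 f"object-group {group} object-group {servers}")
    return lines

if __name__ == "__main__":
    raw = parse_prefixes(SAMPLE_PREFIXES)
    merged = aggregate(raw)
    print(f"! {len(raw)} prefixes in, {len(merged)} after aggregation")
    print("\n".join(asa_config(merged)))
```

Aggregation only reduces the number of entries; the ASA still expands an object group into individual ACEs, so the performance concern raised in the reply above remains for very large lists.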

Block country range of IP

I concur with Ajay. Also, in case the resources (or server) you are trying to protect by blocking a range of IPs allow internet access from 'any', talk to your systems admin to make sure the server gets up-to-date patches. To mitigate attacks from the ASA end, refer to the doc below...

http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml

hth

MS
