Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

How to block foreign countries?

Is there a simple way to block ip addresses by foreign countries? There is so many network addresses needs to be blocked, it seems it is not practical on the ASA. Can someone give me some suggestions on this?

2 REPLIES

Re: How to block foreign countries?

You would need to gather info on Public IP block assigments by country, based on gather IP block assigments you can block the entrirely ip blocks at an edge router outside your firewall, you can create a deny acl, summarize ip blocks assigememst using wildcard mask and apply it to your inbound interface.

Database search for IP blocks by countries

http://www.countryipblocks.net/

Info on IANA, global coordination of IP global addressing.

http://www.iana.com/

Follow similar example on bellow link acls but use unwanted public IP blocks in acls.

Filtering at the edge

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

Rgds

Jorge

New Member

How to block foreign countries?

Hi Sir,

I would like to know how to allow  the IP blocks only in USA

2770
Views
5
Helpful
2
Replies
CreatePlease to create content