https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855333#M489335 <HTML><HEAD></HEAD><BODY><P> I concur with Ajay. Also, incase if the resources (or server) you are trying to protect by blocking range of IPs allows internet access from 'any' - talk to your systems admin to make sure the server gets up to date patches. To mitigate attacks from ASA end, refer to the below doc...</P><P></P><P><A href="http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml">http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml</A></P><P></P><P>hth</P><P>MS</P></BODY></HTML> Thu, 05 Jan 2012 19:10:23 GMT mvsheik123 2012-01-05T19:10:23Z https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855331#M489331 <P>Hi,</P><P></P><P>I have a ASA 5510 device. I have been asked to block Ip range for India from accessing set of servers. </P><P></P><TABLE border="0" cellpadding="0" cellspacing="0" width="196"><COL width="196" /> <TBODY><TR><TD height="20" style="height: 15pt; width: 147pt;" width="196">Total&nbsp;&nbsp; Subnets:&nbsp; 34,675,968</TD></TR></TBODY></TABLE><P></P><P>I really don't want to create a two mile long access list with all these subnets.</P><P></P><P>Is there a easier way of configuring this?</P><P></P><P></P><P></P><P>Thank you all. Ths forum is really awesome.</P><P></P><P></P><P>regards,</P> Mon, 11 Mar 2019 22:10:32 GMT https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855331#M489331 sangram palande 2019-03-11T22:10:32Z https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855332#M489334 <HTML><HEAD></HEAD><BODY><P> I don't think if there is any automated way to do it however under object group will have to call all the subnets if the ACL is too long and some kind of DoS attack is there will also impact performance. Hence instead of blocking should focus on what application/ports are getting expose to outside. </P><P></P><P>Thanks</P><P>Ajay</P></BODY></HTML> Thu, 05 Jan 2012 16:59:14 GMT https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855332#M489334 ajay chauhan 2012-01-05T16:59:14Z https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855333#M489335 <HTML><HEAD></HEAD><BODY><P> I concur with Ajay. Also, incase if the resources (or server) you are trying to protect by blocking range of IPs allows internet access from 'any' - talk to your systems admin to make sure the server gets up to date patches. To mitigate attacks from ASA end, refer to the below doc...</P><P></P><P><A href="http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml">http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml</A></P><P></P><P>hth</P><P>MS</P></BODY></HTML> Thu, 05 Jan 2012 19:10:23 GMT https://community.cisco.com/t5/network-security/block-country-range-of-ip/m-p/1855333#M489335 mvsheik123 2012-01-05T19:10:23Z