11-05-2015 06:49 AM - edited 03-11-2019 11:50 PM
Hello,
This is my first post, so I apologise in advance if this is a stupid question. The management at my company want me to set up a blacklist on our external-facing ASA 5540. I set up a network object group that explicitly denies any incoming traffic from the outside and began to add IP objects to that group, and everything is working fine.
However, here is where the problem lies. My security group has asked me to add a group of IP addresses (about 600) to the blacklist ASAP, but the only way I can do it is by adding one at a time.
Does anyone know a way that I can add multiple network objects (about 600) all in one go?
11-05-2015 07:10 AM
Hi there,
You could configure an object network group and add hosts to it. Then you could call that object-group in the access-list as one entry:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/objectgroups.html#wp1071777
Hope that helps.
Regards,
Akshay Rastogi
11-05-2015 07:15 AM
That is how I have it set up, but I need to figure out how to add 600 individual hosts from a spreadsheet without doing one at a time. Is there a way I can just copy and paste all 600 into the group without having to type "network-object host" before each one?
11-05-2015 07:32 AM
Hi,
I believe you need ASDM now. With the CLI you need to configure it that way. However, you could configure this with ASDM:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/asdm70/configuration_guide/asdm_70_config/acl_objects.html#pgfId-1543634
This explains how to configure Network object and groups through ASDM.
Regards,
Akshay Rastogi
11-06-2015 06:39 AM
I understand how to use ASDM; what I'm asking is if there is a way to add a list of IP addresses all at once instead of adding one at a time. I need to enter approx. 600 (non-consecutive) IP addresses to the firewall.
11-06-2015 07:31 AM
Hi There,
There is no simple way to do this. You have to manually add the IP addresses; the only common value will be "network-object host".
But I do not understand the need for such a type of blacklist. The firewall will anyway drop the packets from outside to inside because of the implicit deny.
Thanks,
Shivapramod
11-06-2015 08:09 AM
Hi,
Adding all IP addresses in a single line is not possible. From ASDM you could add them by clicking 'Add' to add them on the right side.
However, instead of adding IPs to a network object group, you could directly add an entry in the existing access list with the different source IP addresses in a single line (write the IP addresses separated by commas).
Regards,
Akshay Rastogi
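The replies above leave the CLI route at "type network-object host before each one". A practical way around that, as an added example that is not from any reply in this thread or from Cisco, is to generate the `network-object host` lines from the spreadsheet export with a script, validate every address, and paste the result into the ASA's configuration mode. The group name BLACKLIST, the one-address-per-line file layout and the sample addresses (taken from the RFC 5737 documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample export from a spreadsheet: one IPv4 address per line,
# with a header row, a blank line and two bad cells to exercise the filter.
SAMPLE_LIST=$(mktemp)
cat > "$SAMPLE_LIST" <<'EOF'
ip_address
203.0.113.10
198.51.100.25
not-an-ip

203.0.113.300
192.0.2.77
EOF

# is_ipv4 <string>: exit 0 if the argument is a dotted quad with every
# octet in 0-255, else exit 1.
is_ipv4() {
  printf '%s\n' "$1" | awk -F'.' '
    NF != 4 { bad = 1; exit }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) { bad = 1; exit } }
    END { exit bad }'
}

# gen_asa_blacklist <group-name> <file>: print the object-group configuration.
# Valid addresses become "network-object host A.B.C.D" members; anything else
# is reported on stderr and skipped, so a stray spreadsheet cell never reaches
# the firewall as a half-typed command.
gen_asa_blacklist() {
  group="$1"; file="$2"
  printf 'object-group network %s\n' "$group"
  # Drop CR from Windows exports, trim whitespace, skip empty lines.
  tr -d '\r' < "$file" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -v '^$' |
  while IFS= read -r ip; do
    if is_ipv4 "$ip"; then
      printf ' network-object host %s\n' "$ip"
    else
      printf 'skipping invalid entry: %s\n' "$ip" >&2
    fi
  done
}

# count_hosts <group-name> <file>: number of members produced, to reconcile
# against the spreadsheet row count before pasting.
count_hosts() {
  gen_asa_blacklist "$1" "$2" 2>/dev/null | grep -c 'network-object host'
}

gen_asa_blacklist BLACKLIST "$SAMPLE_LIST"
```

Run it against the real export, compare the member count with the number of rows you were given, then paste the output in configuration mode. As the first reply notes, the group only takes effect once it is referenced by a deny entry in the inbound access-list applied to the outside interface.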