
Block country range of IP

sangram palande
Level 1

Hi,

I have an ASA 5510 device. I have been asked to block the IP range for India from accessing a set of servers.

Total Subnets: 34,675,968

I really don't want to create a two mile long access list with all these subnets.

Is there an easier way of configuring this?

Thank you all. This forum is really awesome.

regards,

2 Replies

ajay chauhan
Level 7

I don't think there is any automated way to do it; however, under an object group you will have to call all the subnets. If the ACL is too long and there is some kind of DoS attack, it will also impact performance. Hence, instead of blocking, you should focus on what applications/ports are getting exposed to the outside.

Thanks

Ajay
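
The object-group approach mentioned in the reply above, as an added example that is not part of the original thread: a Python script that aggregates a per-country prefix list into the fewest CIDR blocks and emits an ASA `object-group network` with a single deny entry. The group name, ACL name, destination `any` and the sample prefixes (documentation ranges) are assumptions for illustration.

```python
import ipaddress

# Constructed sample input (documentation ranges, not real country allocations).
SAMPLE_PREFIXES = """\
# one CIDR per line, as published in a per-country prefix list
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
192.0.2.16/28
"""

def parse_prefixes(text):
    """Return IPv4Network objects, skipping blank lines and # comments."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 10.0.0.1/24)
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return nets

def build_asa_config(text, group="BLOCKED-COUNTRY", acl="outside_access_in"):
    """Collapse the prefixes and emit an object-group plus one deny ACE.

    group and acl are hypothetical names; replace 'any' with the object-group
    of the protected servers when applying this to a real configuration.
    """
    # collapse_addresses merges adjacent blocks and drops contained ones
    merged = list(ipaddress.collapse_addresses(parse_prefixes(text)))
    lines = [f"object-group network {group}"]
    for net in merged:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    lines.append(f"access-list {acl} extended deny ip object-group {group} any")
    return merged, lines

if __name__ == "__main__":
    merged, lines = build_asa_config(SAMPLE_PREFIXES)
    print(f"! {len(merged)} network-object entries after aggregation")
    print("\n".join(lines))
```

Aggregation shortens the list the administrator maintains, but the ASA still expands the object-group into one rule per `network-object`, so the performance concern raised in the reply still applies to very large lists.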

I concur with Ajay. Also, in case the resources (or server) you are trying to protect by blocking a range of IPs allow internet access from 'any', talk to your systems admin to make sure the server gets up-to-date patches. To mitigate attacks from the ASA end, refer to the doc below...

http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml

hth

MS
