01-05-2012 08:11 AM - edited 03-11-2019 03:10 PM
Hi,
I have an ASA 5510 device. I have been asked to block the IP range for India from accessing a set of servers.
Total Subnets: 34,675,968
I really don't want to create a two-mile-long access list with all these subnets.
Is there an easier way of configuring this?
Thank you all. This forum is really awesome.
regards,
01-05-2012 08:59 AM
I don't think there is any automated way to do it; however, under an object group you will have to call all the subnets. If the ACL is too long and some kind of DoS attack is there, it will also impact performance. Hence, instead of blocking, you should focus on what applications/ports are getting exposed to the outside.
Thanks
Ajay
01-05-2012 11:10 AM
I concur with Ajay. Also, in case the resources (or server) you are trying to protect by blocking a range of IPs allow internet access from 'any', talk to your systems admin to make sure the server gets up-to-date patches. To mitigate attacks from the ASA end, refer to the doc below...
http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a00809763ea.shtml
hth
MS