12-30-2012 07:09 PM - edited 02-21-2020 04:48 AM
Hello,
I have discovered that there is a suspicious IP address that I need to block from accessing our network. It is a potential attack on our network. What would be the best way to accomplish that on the ASA?
Much appreciated.
Best, ~sK
12-31-2012 07:31 PM
Assuming you allow outside traffic in to a web server via some NATted address...
Precede your existing "permit" access-list entry with a deny for that specific IP address. The syntax varies according to how you've allowed access in your existing configurations; but it would generally look something like this:
access-list outside-in deny tcp host
access-list outside-in permit tcp any host
The key element is for the deny entry to be encountered first since ACE entries are processed in order with the first match kicking the packet out to the next element in the system for processing. Matching a "deny" ACE will discard the packet.
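The ordering rule described in the answer, modelled in Python as an added example (not from the original post or from Cisco): a minimal first-match ACE evaluator using constructed addresses, showing that the deny only stops the host when it sits ahead of the permit.

```python
# Added example: a small model of ASA access-list evaluation.
# ACEs are checked top to bottom; the first match decides, and an
# ACL that matches nothing falls through to the implicit deny.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str               # "any" or an address/prefix in CIDR form
    dst: str
    dport: Optional[int] = None   # None means any destination port


def _match_addr(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def _match(ace: Ace, pkt: dict) -> bool:
    return (ace.proto in ("ip", pkt["proto"])
            and _match_addr(ace.src, pkt["src"])
            and _match_addr(ace.dst, pkt["dst"])
            and (ace.dport is None or ace.dport == pkt["dport"]))


def evaluate(acl: list, pkt: dict) -> str:
    """Return the action of the first matching ACE, or the implicit deny."""
    for ace in acl:
        if _match(ace, pkt):
            return ace.action
    return "deny"


# Constructed sample values (documentation ranges, not real hosts).
BAD_HOST = "203.0.113.7"     # the suspicious source
WEB = "192.0.2.10"           # the NATted web server address
CLIENT = "198.51.100.5"      # an ordinary visitor


def wrong_order() -> list:
    # permit first: every TCP/80 packet matches it, so the deny is never reached
    return [Ace("permit", "tcp", "any", WEB + "/32", 80),
            Ace("deny", "tcp", BAD_HOST + "/32", WEB + "/32")]


def right_order() -> list:
    # deny first, as the answer recommends
    return [Ace("deny", "tcp", BAD_HOST + "/32", WEB + "/32"),
            Ace("permit", "tcp", "any", WEB + "/32", 80)]


def http_from(src: str) -> dict:
    return {"proto": "tcp", "src": src, "dst": WEB, "dport": 80}
```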