11-30-2015 06:03 AM - edited 03-11-2019 11:58 PM
I was wondering if it's possible to do Geo IP Filtering through my ASA 5520?
11-30-2015 06:16 AM
I suppose you can't.
For such functionality you need upgrade your ASA 5520 to ASA 5500-X with firepower services (actually you need purchase a new one).
11-30-2015 08:13 AM
Yes, you can. But not in a really "usable way". For that you really would need an ASA with FirePOWER instead of the legacy ASA. What is possible with your ASA:
You download the GeoIP database from MaxMind in CSV-format. You convert the CSV to an ACL-style that you import to the ASA. Every time the database is updates (which is once a month for the free database), you repeat to conversion.
Is that an elegant/efficient way to do it? Probably no. But with some scripting skills, it's definitely possible.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide