Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
28181
Views
7
Helpful
11
Replies

cisco asa geo blocking.

Go to solution
nilesh.dubey
Level 1
Level 1

‎02-03-2016 03:57 AM - edited ‎02-21-2020 05:43 AM

Is there a way by which we can block all the connections from a country on Cisco ASA, without we manually defining a ACL.

Hardware- Cisco ASA5510-

Version - 9.0

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-03-2016 07:31 AM

No.

This sort of functionality is offered in the newer models (ASA 5500-X series) when you add the FirePOWER service modules with their associated license(s).

They can download and auto update a Geolocation database which you can use in your access policy.

View solution in original post

11 Replies 11

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-03-2016 07:31 AM

No.

This sort of functionality is offered in the newer models (ASA 5500-X series) when you add the FirePOWER service modules with their associated license(s).

They can download and auto update a Geolocation database which you can use in your access policy.

Go to solution
nilesh.dubey
Level 1
Level 1
In response to Marvin Rhoads

‎02-04-2016 02:36 AM

Hi Marvin,

Thanks!!,

So do i need to purchase license as well along with firewall ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to nilesh.dubey

‎02-04-2016 06:42 AM

I believe if all you want to do is create a policy to allow or block certain countries, you can use the free Control license.

However, if you're going to the effort to configure and use the FirePOWER module NGIPS, it makes sense to buy at least the IPS license.

Available licenses are IPS (Protect), URL Filtering and Malware (Advanced Malware Protection or AMP).

0 Helpful

Go to solution
nilesh.dubey
Level 1
Level 1
In response to Marvin Rhoads

‎02-05-2016 07:34 AM

Hi Marvin,

Thanks for your response.

Regards,

Nilesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to nilesh.dubey

‎02-05-2016 07:36 AM

You're welcome.

Please mark your question as answered if it has been.

0 Helpful

Go to solution
scorpio.besal
Level 1
Level 1
In response to Marvin Rhoads

‎10-02-2017 07:58 AM

Is it possible to use firepower module to block , say China using geo location but allow certain IPs from that country.

0 Helpful

Go to solution
pro_engineering
Level 1
Level 1
In response to scorpio.besal

‎08-24-2018 08:59 AM

Have you got any response for this?

0 Helpful

Go to solution
antonkolev
Level 1
Level 1
In response to Marvin Rhoads

‎10-05-2022 08:23 AM

I dont think this  ever worked 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to antonkolev

‎10-05-2022 08:38 AM

You can insert rule(s) with PERMIT action above the rule for geoblocking the entire country. The first match (for action other than monitor) from the top down stops the processing of the rest of rules in the access control policy.

0 Helpful

Go to solution
jueller01
Level 1
Level 1
In response to Marvin Rhoads

‎10-24-2022 01:59 AM

Hi

Is there a way to restrict AnyConnect users from certain countries? I have ASA's on Firepower 1140's.

Regards, Justin

 

Go to solution
kelvindam
Level 1
Level 1

‎02-19-2025 01:08 AM

Old post, but if anyone is still looking to do Geo Blocking on ASA, then check this out : https://software.conscia.com/why-and-how-to-implement-geo-location-blocking-on-cisco-asa/

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top