11-18-2018 09:29 PM - edited 02-21-2020 08:29 AM
I need to block IP traffics from a certain country. I know I can export a free IP address list from firewall IP generator. The sample output format for Cisco ACL is as below.
What should I do next to import the list to enable blocking in Cisco AXA? I don't want to enter it manually.
# ------------------------------------------------------- # Free IP2Location Firewall List by Country # Source: https://www.ip2location.com/free/visitor-blocker # Last Generated: 19 Nov 2018 05:20:52 GMT # [Important] Please update this list every month # ------------------------------------------------------- deny ip 201.220.192.0 0.0.31.255 any deny ip 200.55.178.96 0.0.0.31 any deny ip 200.55.178.80 0.0.0.7 any deny ip 200.55.178.64 0.0.0.15 any deny ip 200.55.178.56 0.0.0.7 any
Solved! Go to Solution.
11-18-2018 09:52 PM
Hi,
You can just create an access-list with the IP's you downloaded and bind it to the outside interface.
For example.
access-list BLOCK_LIST extended deny ip 201.220.192.0 0.0.31.255 any
access-list BLOCK_LIST extended deny ip 200.55.178.96 0.0.0.31 any
access-list BLOCK_LIST extended deny ip 200.55.178.80 0.0.0.7 any
access-group BLOCK_LIST in interface Outside
HTH
Abheesh
11-18-2018 09:52 PM
Hi,
You can just create an access-list with the IP's you downloaded and bind it to the outside interface.
For example.
access-list BLOCK_LIST extended deny ip 201.220.192.0 0.0.31.255 any
access-list BLOCK_LIST extended deny ip 200.55.178.96 0.0.0.31 any
access-list BLOCK_LIST extended deny ip 200.55.178.80 0.0.0.7 any
access-group BLOCK_LIST in interface Outside
HTH
Abheesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide