Solved: Re: How do I import and block IP addresses by country?

millycorry2010 · ‎11-18-2018

I need to block IP traffics from a certain country. I know I can export a free IP address list from firewall IP generator. The sample output format for Cisco ACL is as below.

What should I do next to import the list to enable blocking in Cisco AXA? I don't want to enter it manually.

# -------------------------------------------------------
# Free IP2Location Firewall List by Country
# Source: https://www.ip2location.com/free/visitor-blocker
# Last Generated: 19 Nov 2018 05:20:52 GMT
# [Important] Please update this list every month
# -------------------------------------------------------
deny ip 201.220.192.0 0.0.31.255 any
deny ip 200.55.178.96 0.0.0.31 any
deny ip 200.55.178.80 0.0.0.7 any
deny ip 200.55.178.64 0.0.0.15 any
deny ip 200.55.178.56 0.0.0.7 any

Abheesh Kumar · ‎11-18-2018

Hi,

You can just create an access-list with the IP's you downloaded and bind it to the outside interface.

For example.

access-list BLOCK_LIST extended deny ip 201.220.192.0 0.0.31.255 any
access-list BLOCK_LIST extended deny ip 200.55.178.96 0.0.0.31 any
access-list BLOCK_LIST extended deny ip 200.55.178.80 0.0.0.7 any

access-group BLOCK_LIST in interface Outside

HTH

Abheesh

View solution in original post

Abheesh Kumar · ‎11-18-2018

Hi,

You can just create an access-list with the IP's you downloaded and bind it to the outside interface.

For example.

access-list BLOCK_LIST extended deny ip 201.220.192.0 0.0.31.255 any
access-list BLOCK_LIST extended deny ip 200.55.178.96 0.0.0.31 any
access-list BLOCK_LIST extended deny ip 200.55.178.80 0.0.0.7 any

access-group BLOCK_LIST in interface Outside

HTH

Abheesh