11-13-2011 10:54 PM - edited 03-11-2019 02:49 PM
Hi ,
I am getting too many "Teardown TCP connection" messages on the outside interface.
I want to block this IP using Cisco IPS or using an access-list on the ASA 5520.
How can I do that?
Regards,
Prashant.
11-14-2011 12:28 AM
Hi Prashant,
You would need to do that from the ACL; you can try this:
access-list inside_out deny ip host 192.168.1.1 any
access-list inside_out permit ip any any
access-group inside_out in interface inside
Remember to add the "permit ip any any" access-list entry at the bottom; otherwise it would block access for other IPs as well.
Hope that helps
Thanks,
Varun
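As an added example (not code from this thread), here is a short Python script covering the triage step that comes before the ACL in the answer above: it parses ASA %ASA-6-302014 "Teardown TCP connection" syslog lines, counts them per host on the inside interface, and prints access-list and access-group lines in the same shape as the answer for any host over a threshold. The log lines, the threshold of 3, and the ACL name "inside_out" are constructed for the example; the host address is taken from the logs rather than typed by hand.

```python
import re
from collections import Counter

# Constructed sample of ASA syslog output for this example (not from the thread).
# Addresses use the RFC 5737 documentation ranges; the inside host matches the one
# named in the answer above. One line carries a syslog timestamp prefix and one is a
# 302013 "Built" message, to show that both are handled.
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/80 to inside:192.168.1.1/51000 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 1002 for outside:203.0.113.11/443 to inside:192.168.1.1/51001 duration 0:00:01 bytes 120 TCP FINs
%ASA-6-302013: Built outbound TCP connection 1006 for outside:203.0.113.14/80 (203.0.113.14/80) to inside:192.168.1.50/52001 (198.51.100.1/52001)
%ASA-6-302014: Teardown TCP connection 1003 for outside:203.0.113.12/25 to inside:192.168.1.1/51002 duration 0:00:00 bytes 0 SYN Timeout
Nov 14 2011 00:10:01 fw01 : %ASA-6-302014: Teardown TCP connection 1004 for outside:198.51.100.5/443 (198.51.100.5/443) to inside:192.168.1.50/52000 (203.0.113.1/52000) duration 0:01:10 bytes 8820 TCP FINs
%ASA-6-302014: Teardown TCP connection 1005 for outside:203.0.113.13/22 to inside:192.168.1.1/51003 duration 0:00:00 bytes 0 SYN Timeout
"""

# Layout of message 302014: "Teardown TCP connection <id> for <if>:<ip>/<port> [(mapped)]
# to <if>:<ip>/<port> [(mapped)] duration h:mm:ss bytes <n> [reason]".
# The optional parenthesised groups are the NAT-mapped addresses.
TEARDOWN_RE = re.compile(
    r"%ASA-\d-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+)(?: \([^)]*\))? to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)(?: \([^)]*\))? "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)(?: (?P<reason>.*))?$"
)


def parse_teardowns(lines):
    """Yield one dict per 302014 line; anything else (Built messages, noise) is skipped.
    re.search is used so a syslog timestamp/hostname prefix does not matter."""
    for line in lines:
        m = TEARDOWN_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["bytes"] = int(rec["bytes"])
            yield rec


def count_by_host(records, interface="inside"):
    """Count teardowns per host address on the given interface, whichever side of the
    message it appears on, so the count does not depend on connection direction."""
    counts = Counter()
    for r in records:
        if r["src_if"] == interface:
            counts[r["src_ip"]] += 1
        if r["dst_if"] == interface:
            counts[r["dst_ip"]] += 1
    return counts


def noisy_hosts(log_text, interface="inside", threshold=3):
    """Hosts on `interface` with at least `threshold` teardowns, busiest first.
    The threshold is an assumption for this example; tune it to the real log volume."""
    counts = count_by_host(parse_teardowns(log_text.splitlines()), interface)
    return [ip for ip, n in counts.most_common() if n >= threshold]


def build_block_acl(acl_name, hosts, interface):
    """ASA config lines in the shape of the answer above: one deny per host, then the
    permit-all that keeps every other host working, then the binding to the interface."""
    lines = [f"access-list {acl_name} deny ip host {h} any" for h in hosts]
    lines.append(f"access-list {acl_name} permit ip any any")
    lines.append(f"access-group {acl_name} in interface {interface}")
    return lines


if __name__ == "__main__":
    hosts = noisy_hosts(SAMPLE_LOG)
    print("\n".join(build_block_acl("inside_out", hosts, "inside")))
```

Two cautions when pasting the output onto the ASA: "access-group ... in interface inside" replaces whatever ACL was already bound inbound on that interface, so if the inside interface already carries a more specific policy, add the deny line to that ACL instead of creating a new one; and the trailing "permit ip any any" is only appropriate when the interface had no ACL before (the default higher-to-lower security behaviour). For a single host the shun command mentioned later in the thread is the quicker option, since it drops that host's packets before the ACL is evaluated.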
11-13-2011 11:12 PM
Hi Prashant,
If the traffic that you want to block is coming from the internet, then you can use the access-list below:
access-list outside_access_in deny ip host
access-group outside_access_in in interface outside
Or you can also shun that IP, using:
shun
This would have the firewall drop the packets without even processing the ACL for them.
Here's the command reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s8.html#wp1525925
Hope that helps.
Thanks,
Varun
11-14-2011 12:08 AM
Hi Varun,
I am getting too many connections from an internal IP, 192.68.1.1. I want to block this for any destination (public IP).
Can I do this by IPS?
If yes, please guide me.
Otherwise we have the choice to do that using an access-list.
Regards,
Prashant