Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5202
Views
5
Helpful
2
Replies

How to block foreign countries?

kope
Level 1
Level 1

‎07-17-2008 12:21 PM - edited ‎03-11-2019 06:16 AM

Is there a simple way to block ip addresses by foreign countries? There is so many network addresses needs to be blocked, it seems it is not practical on the ASA. Can someone give me some suggestions on this?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

JORGE RODRIGUEZ
Level 10
Level 10

‎07-17-2008 01:09 PM

You would need to gather info on Public IP block assigments by country, based on gather IP block assigments you can block the entrirely ip blocks at an edge router outside your firewall, you can create a deny acl, summarize ip blocks assigememst using wildcard mask and apply it to your inbound interface.

Database search for IP blocks by countries

http://www.countryipblocks.net/

Info on IANA, global coordination of IP global addressing.

http://www.iana.com/

Follow similar example on bellow link acls but use unwanted public IP blocks in acls.

Filtering at the edge

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

Rgds

Jorge

Jorge Rodriguez

Abhilash Paul
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-22-2012 10:14 AM

Hi Sir,

I would like to know how to allow  the IP blocks only in USA

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card