
Block vs. no reply - range of external IPs

alceryes3
Level 1

5505 - 9.02

I would like to disallow a range of IPs from getting through my firewall and attempting to authenticate. I've got the basic command -

access-list outside_in deny ip X.X.X.X 255.255.255.224 any

But does this command cause my ASA to respond with 'denied' or does it just ignore the traffic? I would rather it just ignore. Also, can the IP range be entered as a slash instead of subnet (i.e. /24 instead of 255.255.255.0)?

Accepted Solutions

Richard Atkin
Level 4

It just drops the traffic silently.

You can also prove this for yourself by downloading Nmap and getting it to port scan the IP(s) you're trying to protect.

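The check suggested in the answer above comes down to whether anything comes back when a TCP connection is attempted. As an added example (not part of the thread), this sketch classifies a port by that response; the function names and the loopback demo are constructed for illustration.

```python
import errno
import socket


def classify_tcp_port(host, port, timeout=3.0):
    """Classify how the path to host:port treats a TCP connection attempt.

    open        - handshake completed, the port is reachable
    rejected    - a TCP RST came back, so something answered with a refusal
    unreachable - an ICMP unreachable came back, or there is no local route
    dropped     - nothing came back before the timeout (silent drop)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "rejected"
    except socket.timeout:
        return "dropped"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def probe(host, ports, timeout=3.0):
    """Return {port: classification} for each port in ports."""
    return {p: classify_tcp_port(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Constructed offline demo on loopback: one listening port, then the same
    # port after the listener has been closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, classify_tcp_port("127.0.0.1", port))  # open
    listener.close()
    print(port, classify_tcp_port("127.0.0.1", port))  # rejected
```

To test the ACL, run it from an address inside the denied range toward your own outside IP: `dropped` matches the silent drop described in the answer, while `rejected` would mean a reset was sent back.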

Thanks!

Do you know if you can enter CIDRs for ACLs with a slash instead of listing the whole subnet?