<div>
Here's an alternative.<br />
Create an object-group<br />
&nbsp;<br />
object-group network BLOCKEDHOSTS<br />
&nbsp; &nbsp;network-object 219.153.0.0 255.255.0.0<br />
&nbsp; &nbsp;network-object 222.73.0.0 255.255.0.0<br />
<br />
Apply the object group to the acl:<br />
&nbsp;access-list outside_access_in deny ip object-group BLOCKEDHOSTS any<br />
<br />
This way, all you have to do is add/subtract network objects from the group and not mess with the acl. Couple mouse clicks in the PDM, or very simple command line
</div>


Here's an alternative.
Create an object-group
 
object-group network BLOCKEDHOSTS
   network-object 219.153.0.0 255.255.0.0
   network-object 222.73.0.0 255.255.0.0

Apply the object group to the acl:
 access-list outside_access_in deny ip object-group BLOCKEDHOSTS any

This way, all you have to do is add/subtract network objects from the group and not mess with the acl. Couple mouse clicks in the PDM, or very simple command line

<div>
<div class="content wysiwyg-content">
Our dedicated server located at a hosting company in the UK is being probed regularly (automated?) by a few machines located in China. I would like to know how to block them.<br />
The server hosts a https website and MS Sql database.<br />
I have the attackers IP addresses and the computer names they are using.<br />
I have access to the Cisco 506E using PIX. <br />
Can I add a filter to block all their IP addresses? The majority come from 219.153.*.* and 222.73.*.*<br />
Much appreciate any help you can provide.<br />
regards,<br />
<br />
Howard
</div>
</div>


Our dedicated server located at a hosting company in the UK is being probed regularly (automated?) by a few machines located in China. I would like to know how to block them.
The server hosts a https website and MS Sql database.
I have the attackers IP addresses and the computer names they are using.
I have access to the Cisco 506E using PIX. 
Can I add a filter to block all their IP addresses? The majority come from 219.153.*.* and 222.73.*.*
Much appreciate any help you can provide.
regards,

Howard

How do I block an attacking host/network (or the whole of China?!) using a Cisco 506e

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).