Solved

ASA 5510 bulk acl blocking

Posted on 2009-05-07
Last Modified: 2013-11-16
Is there a way to block multiple IP subnets on the ASA 5510? Trying to block all traffic from China and don't want to enter all those subnets into the ACL one at a time. Any suggestions would be nice.
Question by:rcooper83
3 Comments
 
Accepted Solution

by:
lrmoore earned 125 total points
ID: 24334972
You can create an object-group and apply the object-group to the acl.
object-group network CHINA
 network-object 123.45.67.0 255.255.255.0
 network-object 122.34.56.0 255.255.255.0
 network-object 45.67.0.0 255.255.0.0

You can add/subtract as many networks to the object-group as you want, and never have to change the simple one line of the ACL:
access-list outside_access_in deny ip object-group CHINA any
Expert Comment

by:harbor235
ID: 24335399



Or you can aggregate IP blocks to block numerous smaller blocks.

So, for instance, you want to block 8 /24s: 10.1.0.0/24, 10.1.32.0/24, 10.1.64/24, 10.1.96/24, 10.1.128/24, 10.1.160/24, 10.1.64/24, 10.1.192/24

or you could just block:

10.1.0.0/21

So you can aggregate smaller IP blocks into supernets if the blocks are aggregatable; they need to be contiguous blocks to do so.

harbor235 ;}
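
Added example (not part of either answer above): a Python script that combines the two suggestions, collapsing a list of CIDR blocks into the fewest exact supernets and emitting them as one object-group plus the single ACL line. The feed contents and the group name BLOCKED are constructed for illustration; the ACL name outside_access_in is the one used in the accepted solution.

```python
import ipaddress

# Constructed sample feed (private and documentation ranges, not real allocations).
SAMPLE_FEED = """\
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
10.1.4.0/24
10.1.5.0/24
10.1.6.0/24
10.1.7.0/24
10.1.32.0/24     # not adjacent to the run above, stays a /24
10.1.64.0/24
10.1.64.0/25     # already covered by the /24 above, dropped
192.0.2.10/32    # single host
"""

def parse_feed(text):
    """Parse one CIDR per line; '#' starts a comment. Entries with host bits
    set (e.g. 10.1.1.5/24) raise ValueError instead of being silently widened."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.IPv4Network(entry, strict=True))
    return nets

def build_config(group, acl, nets):
    """Return ASA config lines: one object-group holding the minimal exact
    set of networks, plus the single ACL line that references it."""
    lines = [f"object-group network {group}"]
    # collapse_addresses only merges blocks that form an exact supernet,
    # so the resulting deny never covers address space missing from the feed.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    lines.append(f"access-list {acl} deny ip object-group {group} any")
    return lines

if __name__ == "__main__":
    print("\n".join(build_config("BLOCKED", "outside_access_in", parse_feed(SAMPLE_FEED))))
```

Review the generated lines before pasting them into the firewall, since the deny is only as accurate as the feed it was built from.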

Author Closing Comment

by:rcooper83
ID: 31579250
Answer was one way to solve problem but not what I was looking for.