Solved

ASA 5510 bulk acl blocking

Posted on 2009-05-07
Last Modified: 2013-11-16
Is there a way to block multiple IP subnets on the ASA 5510? Trying to block all traffic from China and don't want to enter all those subnets into the ACL one at a time. Any suggestions would be nice.
Question by:rcooper83
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 375 total points
ID: 24334972
You can create an object-group and apply the object-group to the acl.
object-group network CHINA
 network-object 123.45.67.0 255.255.255.0
 network-object 122.34.56.0 255.255.255.0
 network-object 45.67.0.0 255.255.0.0

You can add/subtract as many networks to the object-group as you want, and never have to change the simple one line of the ACL:
access-list outside_access_in deny ip object-group CHINA any
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24335399



Or you can aggregate IP blocks to block numerous smaller blocks.

So, for instance, you want to block 8 /24s: 10.1.0.0/24, 10.1.32.0/24, 10.1.64/24, 10.1.96/24, 10.1.128/24, 10.1.160/24, 10.1.64/24, 10.1.192/24

or you could just block:

10.1.0.0/21

So you can aggregate smaller IP blocks into supernets if the blocks are aggregatable; they need to be contiguous blocks to do so.

harbor235 ;}

0
 
LVL 1

Author Closing Comment

by:rcooper83
ID: 31579250
Answer was one way to solve the problem but not what I was looking for.
0
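An added example, not part of the original thread or any poster's code: a Python sketch that combines the two suggestions above by collapsing a list of CIDR blocks into the fewest supernets and rendering them as an ASA object-group with the one-line deny ACE. The function name, the `min_prefix` safety limit and the sample prefixes are assumptions made for illustration; the group name and ACL name are the ones used in the accepted answer.

```python
import ipaddress

ACL_NAME = "outside_access_in"  # ACL name taken from the accepted answer

def build_asa_block(group, cidr_lines, min_prefix=8):
    """Collapse IPv4 CIDRs and render an ASA object-group plus one deny ACE.

    min_prefix is an assumed safety limit: anything broader than /8 is
    rejected so a typo such as 0.0.0.0/0 cannot block every source.
    """
    nets = []
    for raw in cidr_lines:
        entry = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not entry:
            continue
        # strict=True rejects entries with host bits set, e.g. 10.1.0.5/24
        net = ipaddress.IPv4Network(entry, strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError(f"{net} is broader than /{min_prefix}, refusing")
        nets.append(net)
    # Merges duplicates, overlaps and adjacent blocks that share a
    # supernet boundary; non-contiguous blocks stay as separate entries.
    collapsed = list(ipaddress.collapse_addresses(nets))
    lines = [f"object-group network {group}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in collapsed]
    lines.append(f"access-list {ACL_NAME} deny ip object-group {group} any")
    return collapsed, "\n".join(lines)

# Constructed sample input (private and documentation ranges, not real
# country allocations).
SAMPLE = [f"10.1.{i}.0/24" for i in range(8)] + [
    "10.1.32.0/24",
    "10.1.3.0/24   # duplicate entry",
    "198.51.100.0/25",
    "198.51.100.128/25",
]

if __name__ == "__main__":
    nets, config = build_asa_block("CHINA", SAMPLE)
    print(f"{len(SAMPLE)} entries collapsed to {len(nets)} network-objects")
    print(config)
```

Because ASA ACLs are evaluated top-down, the deny line only takes effect if it precedes any permit entry that matches the same traffic.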
