Solved

ASA 5510 bulk ACL blocking

Posted on 2009-05-07
Last Modified: 2013-11-16
Is there a way to block multiple IP subnets on the ASA 5510? Trying to block all traffic from China and don't want to enter all those subnets into the ACL one at a time. Any suggestions would be nice.
Question by:rcooper83
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 24334972
You can create an object-group and apply the object-group to the ACL.
object-group network CHINA
 network-object 123.45.67.0 255.255.255.0
 network-object 122.34.56.0 255.255.255.0
 network-object 45.67.0.0 255.255.0.0

You can add/subtract as many networks to the object-group as you want, and never have to change the simple one line of the ACL:
access-list outside_access_in deny ip object-group CHINA any
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24335399



Or you can aggregate IP blocks to block numerous smaller blocks.

So, for instance, you want to block 8 /24s: 10.1.0.0/24, 10.1.32.0/24, 10.1.64/24, 10.1.96/24, 10.1.128/24, 10.1.160/24, 10.1.64/24, 10.1.192/24

Or you could just block:

10.1.0.0/21

So you can aggregate smaller IP blocks into supernets if the blocks are aggregatable; they need to be contiguous blocks to do so.

harbor235 ;}

0
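The two answers above combined, as an added example that is not from either poster: a Python script that reads one CIDR block per line, merges adjacent or covered blocks, and prints the object-group and deny line in the syntax of the accepted solution. The sample blocks are constructed documentation ranges, and the function names are this example's own.

```python
import ipaddress

# Constructed sample input (RFC 5737 documentation ranges, not real allocations).
SAMPLE_BLOCKS = """\
# one CIDR block per line; '#' starts a comment
198.51.100.0/25
198.51.100.128/25
192.0.2.0/25
192.0.2.64/26
203.0.113.0/24
203.0.113.7/24
not-a-network
"""

def parse_blocks(text):
    """Return (networks, rejected_lines). Lines with host bits set are rejected
    rather than silently rounded, so a typo cannot widen the block list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return nets, rejected

def aggregate(nets):
    """Merge adjacent aligned blocks and drop blocks covered by a larger one."""
    return list(ipaddress.collapse_addresses(nets))

def render_object_group(name, nets, acl="outside_access_in"):
    """Emit the object-group plus the single deny line from the accepted solution."""
    lines = [f"object-group network {name}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in nets]
    lines.append(f"access-list {acl} deny ip object-group {name} any")
    return "\n".join(lines)

if __name__ == "__main__":
    parsed, bad = parse_blocks(SAMPLE_BLOCKS)
    print(render_object_group("CHINA", aggregate(parsed)))
    for line in bad:
        print(f"! rejected input line: {line}")
```

Only blocks that are contiguous and aligned on a common prefix boundary merge; the rest stay as separate network-object lines.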
 
LVL 1

Author Closing Comment

by:rcooper83
ID: 31579250
Answer was one way to solve problem but not what I was looking for.
0

Question has a verified solution.
