ASA 5510 bulk acl blocking

Is there a way to block multiple IP subnets on the asa 5510. Trying to block all traffic from china and dont want to enter all those subnets into the ACL one at a time. Any suggestions would be nice
Who is Participating?
lrmooreConnect With a Mentor Commented:
You can create an object-group and apply the object-group to the acl.
object-group network CHINA

You can add/subtract as many networks to the object-group as you want, and never have to change the simple one-line of the ACL
access-list outside_access_in deny ip object-group CHINA any

Or you can aggregate IP blocks to block numerous smaller blocks

so for instance you want to block 8 /24s,,10.1.64/24, 10.1.96/24,10.1.128/24,10.1.160/24,10.1.64/24,10.1.192/24

or you could just block;

So you can aggregate smaller IP blocks into supernets if the blocks are aggregatable, they need to be contigous blocks to do so.

harbor235 ;}

harbor235 ;}
rcooper83Author Commented:
answer was one way to solve problem but not what I was looking for
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.