So, a client's manager visited a sec con, and has now seen the light - he wants to block all traffic out of anywhere that's destined for them, and only allow US traffic. They've got ASA 5520s.
A little rusty in my ASA commands and logic, so asking the dumb questions...
Created the USA IP blocks list at www.countryipblocks.net
(Yes, I realize that I have to keep checking and updating that list) and am planning on implementing the proper ACLs on the ASA. Thought I'd run it by the experts before I accidentally shoot myself in the foot.
So, I create an object group with the ~44k IPs from the list above.
object-group network USA-IPs
Then, I apply this ACL to only permit traffic from the USA-IPs group and deny the rest.
access-list OutsideACL permit ip object-group USA-IPs any
access-list OutsideACL deny ip any any
So far so good? Ok. Then:
1. Should I do anything else?
2. Did I break anything?
3. What happens to the close to 400 ACLs already in place? They don't reference anything out of the USA-IPs list.
Any help and/or guidance (in doing the right thing) will be appreciated.
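An added example, not the poster's own config: a small Python helper that turns a country CIDR list into ASA `network-object` members (collapsing adjacent prefixes to shrink the ~44k entries) and shows which way a given source address would match the permit/deny pair above. The CIDR sample is constructed, not taken from the site the poster used.

```python
"""Build an ASA object-group from a country CIDR list and check how the
resulting first-match permit/deny ACL would treat a given source address."""
import ipaddress

# Constructed sample of a country-IP list (a real list runs to tens of
# thousands of lines and must be refreshed as allocations change).
SAMPLE_CIDRS = """\
# comment lines and blanks are tolerated
8.8.8.0/24
8.8.9.0/24
3.0.0.0/8
"""


def parse_cidrs(text):
    """Parse CIDR lines, skip comments/blanks, and collapse adjacent or
    overlapping prefixes so the object-group carries fewer entries."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return list(ipaddress.collapse_addresses(nets))


def asa_object_group(name, nets):
    """Render the object-group; ASA network-object lines take address + netmask."""
    lines = [f"object-group network {name}"]
    for n in nets:
        lines.append(f" network-object {n.network_address} {n.netmask}")
    return "\n".join(lines)


def asa_acl(name, group):
    """Render the two-line ACL: permit members of the group, deny everything
    else. Order matters because the ASA stops at the first match."""
    return "\n".join([
        f"access-list {name} extended permit ip object-group {group} any",
        f"access-list {name} extended deny ip any any",
    ])


def acl_decision(src_ip, nets):
    """Mimic the ACL offline: permit if the source is in the group, else deny."""
    ip = ipaddress.ip_address(src_ip)
    return "permit" if any(ip in n for n in nets) else "deny"
```

Running `acl_decision` over a few known-good partner or monitoring addresses before applying the ACL is a cheap way to catch an out-of-country source that the existing 400 rules silently depended on.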