Solved

How do I BLOCK entire IP range as source in CISCO ASA5505 FIREWALL and ACL using SDM

Posted on 2013-06-24
Last Modified: 2013-07-03
I would like to block, i.e. deny access to an entire IP range as source in CISCO ASA5505 firewall and ACL using Security Device Manager (SDM).

I know how to block any individual IP using SDM, but I do not know how to define an entire range, for example: 100.100.0.0 up to 100.100.255.255.

Please look at the attached .jpeg figure.

Any help on specific steps to make using SDM interface, please?
Example-of-blocking-an-individua.jpg
Question by:Dr.Costas Sachpazis
 
LVL 20

Expert Comment

by:rauenpc
ID: 39271330
The drop down menu for type (which in the picture is set to HOST/IP address) should have an option for network, subnet, or range. Selecting one of these options (I can't remember how the drop down is worded but it will be close) will then present you with a spot to type in both an IP address and a subnet mask. This will give you the ability to deny/allow an entire range of IPs.
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271354
Thank you Rauenpc. I will have a look and I will let you know.
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271399
So Rauenpc, as you can see in the attached figure, there is an option for "A Network", in the drop down menu.

Below that, there is a "Wildcard Mask" window, with a drop down menu, indicating specific and concrete addresses.... (as you can see in the attached image).

Therefore, if I want to block an entire range of IPs, for example: 100.100.0.0 up to 100.100.255.255, how in that case should I configure this interface?

Could you explain step by step?
Example-of-blocking-an-individua.jpg
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 39271595
A wildcard mask is essentially the reverse of a subnet mask. There are a lot of neat things you can do with wildcard masks that you can't do with a subnet mask, but most times you won't need to do the "neat" things.

For the most part, if you have a network/subnet, you can take each of the octets and change it to the difference of the subnet octet and 255.

So if you had a subnet of
255.255.255.0, the wildcard would be 0.0.0.255
255.255.252.0, the wildcard would be 0.0.3.255
255.255.0.0, the wildcard would be 0.0.255.255 (this covers your specific example)

To cover 100.100.0.0/16, the wildcard would be 0.0.255.255.
0
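The octet arithmetic from the accepted answer, as an added example that is not part of the original thread: it derives the wildcard from a subnet mask, turns a first/last address range into network/wildcard pairs, and checks whether a source address would match an entry. The function names are hypothetical, and the 192.0.2.x inputs are constructed samples.

```python
import ipaddress


def wildcard_from_netmask(netmask: str) -> str:
    """Invert a subnet mask octet by octet (255 - octet)."""
    ipaddress.IPv4Address(netmask)  # raises ValueError on a malformed mask
    return ".".join(str(255 - int(octet)) for octet in netmask.split("."))


def range_to_acl_entries(first: str, last: str) -> list:
    """Cover first..last with the fewest (network, wildcard) pairs.

    A range that is not one aligned block needs more than one ACL entry.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(b.network_address), str(b.hostmask)) for b in blocks]


def acl_matches(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics: a 0 bit must match the base, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


if __name__ == "__main__":
    # The three masks listed in the answer.
    for mask in ("255.255.255.0", "255.255.252.0", "255.255.0.0"):
        print(mask, "->", wildcard_from_netmask(mask))

    # The range from the question collapses to a single entry.
    print(range_to_acl_entries("100.100.0.0", "100.100.255.255"))

    # Constructed sample: an unaligned range needs two entries.
    print(range_to_acl_entries("192.0.2.0", "192.0.2.5"))

    # Addresses inside and just outside the blocked range.
    print(acl_matches("100.100.37.9", "100.100.0.0", "0.0.255.255"))
    print(acl_matches("100.101.0.1", "100.100.0.0", "0.0.255.255"))

    # Constructed sample of a non-contiguous wildcard, which a subnet
    # mask cannot express: every odd host address in 192.0.2.0/24.
    print(acl_matches("192.0.2.7", "192.0.2.1", "0.0.0.254"))
```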
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271726
Thank you Rauenpc.

So, is that correct, as shown in the attached figure?

Remember, I want to block the entire range of IPs, from: 100.100.0.0 up to: 100.100.255.255.
Example-of-blocking-a-range-of-I.jpg
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39272112
Hello Rauenpc.

I am waiting for an answer from you, regarding whether this is correct or not, as shown in the previous attached figure?

Regards