Solved

How do I BLOCK entire IP range as source in CISCO ASA5505 FIREWALL and ACL using SDM

Posted on 2013-06-24
6
544 Views
Last Modified: 2013-07-03
I would like to block, i.e. deny access to an entire IP range as source in CISCO ASA5505 firewall and ACL using Security Device Manager (SDM).

I know how to block any individual IP using SDM, but I do not know how to define an entire range, for example: 100.100.0.0. up to 100.100.255.255.

Please look at the attached .jpeg figure.

Any help on specific steps to make using SDM interface, please?
Example-of-blocking-an-individua.jpg
0
Comment
Question by:Dr.Costas Sachpazis
  • 4
  • 2
6 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39271330
The drop down menu for type (which in the picture is set to HOST/IP address) should have an option for network, subnet, or range. Selecting one of these options (I can't remember how the drop down is worked but it will be close) will then present you with a spot to type in both an IP address and a subnet mask. This will give you the ability to deny/ally and entire range of IP's.
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271354
Thank you Rauenpc. I will have a look and I will let you know.
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271399
So Rauenpc, as you can see in the attached figure, there is an option for "A Network", in the drop down menu.

Below that, there is a "Wildcard Mask" window, with a drop down menu, indicating specific and concrete addresses.... (as you can see in the attached image).

Therefore, if I want to block an entire range of IPs, for example: 100.100.0.0. up to 100.100.255.255, how in that case should I configure this interface?

Could you explain step by step?
Example-of-blocking-an-individua.jpg
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 39271595
A wildcard mask is essentially the reverse of a subnet mask. There are a lot of neat things you can do with wildcard masks that you can't do with a subnet mask, but most times you won't need to do the "neat" things.

For the most part, if you have a network/subnet, you can take each of the octets and change it to the difference of the subnet octet and 255.

So if you had a subnet of
255.255.255.0, the wildcard would be 0.0.0.255
255.255.252.0, the wildcard would be 0.0.3.255
255.255.0.0, the wildcard would be 0.0.255.255 (this covers your specific example)

to cover 100.100.0.0/16, the wildcard would be 0.0.255.255.
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271726
Thank you Rauenpc.

So, is that correct, as shown in the attached figure?

Remember, I want to block the entire range of IPs, from: 100.100.0.0 up to: 100.100.255.255.
Example-of-blocking-a-range-of-I.jpg
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39272112
Hello Rauenpc.

I am waiting for an answer from you, regarding wether this is correct or not, as shown in the previous attached figure?

Regards
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Filtering Blocking some port 80 Event 5152 2 100
Microsoft Advanced Firewall Isolation 6 77
SQL Server 2014 Setup Question 5 136
Unblock IP Address in Sonicwall 3 83
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question