Solved

How do I BLOCK entire IP range as source in CISCO ASA5505 FIREWALL and ACL using SDM

Posted on 2013-06-24
6
548 Views
Last Modified: 2013-07-03
I would like to block, i.e. deny access to an entire IP range as source in CISCO ASA5505 firewall and ACL using Security Device Manager (SDM).

I know how to block any individual IP using SDM, but I do not know how to define an entire range, for example: 100.100.0.0. up to 100.100.255.255.

Please look at the attached .jpeg figure.

Any help on specific steps to make using SDM interface, please?
Example-of-blocking-an-individua.jpg
0
Comment
Question by:Dr.Costas Sachpazis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39271330
The drop down menu for type (which in the picture is set to HOST/IP address) should have an option for network, subnet, or range. Selecting one of these options (I can't remember how the drop down is worked but it will be close) will then present you with a spot to type in both an IP address and a subnet mask. This will give you the ability to deny/ally and entire range of IP's.
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271354
Thank you Rauenpc. I will have a look and I will let you know.
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271399
So Rauenpc, as you can see in the attached figure, there is an option for "A Network", in the drop down menu.

Below that, there is a "Wildcard Mask" window, with a drop down menu, indicating specific and concrete addresses.... (as you can see in the attached image).

Therefore, if I want to block an entire range of IPs, for example: 100.100.0.0. up to 100.100.255.255, how in that case should I configure this interface?

Could you explain step by step?
Example-of-blocking-an-individua.jpg
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 39271595
A wildcard mask is essentially the reverse of a subnet mask. There are a lot of neat things you can do with wildcard masks that you can't do with a subnet mask, but most times you won't need to do the "neat" things.

For the most part, if you have a network/subnet, you can take each of the octets and change it to the difference of the subnet octet and 255.

So if you had a subnet of
255.255.255.0, the wildcard would be 0.0.0.255
255.255.252.0, the wildcard would be 0.0.3.255
255.255.0.0, the wildcard would be 0.0.255.255 (this covers your specific example)

to cover 100.100.0.0/16, the wildcard would be 0.0.255.255.
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39271726
Thank you Rauenpc.

So, is that correct, as shown in the attached figure?

Remember, I want to block the entire range of IPs, from: 100.100.0.0 up to: 100.100.255.255.
Example-of-blocking-a-range-of-I.jpg
0
 

Author Comment

by:Dr.Costas Sachpazis
ID: 39272112
Hello Rauenpc.

I am waiting for an answer from you, regarding wether this is correct or not, as shown in the previous attached figure?

Regards
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question