Demolay
asked on
Importing multiple IPs and domains into a Cisco ACL via ASDM
ASDM Version: 7.1(2)
Cisco Hardware: ASA5510
Hey folks. I need to import and blacklist a list of varied IP addresses and domains. No traffic in from them, no traffic out to them.
My questions:
1. In what format, and inside what file type, can I import these individual domains and IP addresses all at the same time (as a network object, or... what)?
2. What is best practice (and how exactly do I) import this list into a rule?
Thanks for your attention.
ASKER
Unfortunately, the list is *very* long and entering them manually is out of the question.
ASKER CERTIFIED SOLUTION
ASKER
Great, that's helpful. Can you point me towards a helpful CLI guide?
For your case, it might be easier to post a portion of your configuration and we can show you how to make the right changes.
In the ASDM, go to tools --> command line interface
Do a single line command "show run | inc access-group|access-list"
Mask any entry that would identify the company with something like XXXX or xx.xx.xx.xx. This output will show us the ACLs in use and the interfaces they are applied to, and we can then show what it takes to make the ACL entries and object groups.
ASKER
Thank you!
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
As far as IPs go, I've never done a bulk import using ASDM nor do I believe that function specifically exists. The easiest way you will be able to get the results you want is to go with object groups. I would add an ACL line to your inbound and outbound ACLs for any traffic going to/from the object group. Then you just need to add all the IPs/networks to the object group and it will block them both directions. This can be done via command line or ASDM, but it is not considered a "bulk import".
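
The object-group approach described in the last answer, as an added example that is not part of the original thread: a script that turns a long text list into ASA CLI lines for one network object group plus a deny entry in each direction. The group name `BLOCKLIST` and the ACL names `OUTSIDE_IN` and `INSIDE_OUT` are placeholders (the real ACL names come from the `show run | inc access-group|access-list` output), and only IPv4 addresses and CIDR networks are handled; domain names are returned as rejected entries.

```python
import ipaddress

# Constructed sample input (documentation address ranges), one entry per line.
SAMPLE = """\
# constructed blocklist
203.0.113.7
198.51.100.0/24
203.0.113.7
192.0.2.130/25
bad.example.com
"""

def parse_blocklist(text):
    """Return (networks, rejected): unique IPv4 networks in input order, and unusable lines."""
    networks, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=False normalises entries with host bits set (x.x.x.130/25 -> x.x.x.128/25)
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append(entry)             # domains, IPv6, typos
            continue
        if net.prefixlen == 0:                 # 0.0.0.0/0 would deny all traffic
            rejected.append(entry)
            continue
        if net not in seen:                    # de-duplicate repeated entries
            seen.add(net)
            networks.append(net)
    return networks, rejected

def asa_commands(networks, group="BLOCKLIST", acl_in="OUTSIDE_IN", acl_out="INSIDE_OUT"):
    """Build ASA config lines; group and ACL names are placeholders (assumptions)."""
    lines = [f"object-group network {group}"]
    for net in networks:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    # "line 1" places each deny ahead of existing permits in that ACL
    lines.append(f"access-list {acl_in} line 1 extended deny ip object-group {group} any")
    lines.append(f"access-list {acl_out} line 1 extended deny ip any object-group {group}")
    return lines

if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE)
    print("\n".join(asa_commands(nets)))
    print("! skipped (not an IPv4 address or network):", ", ".join(rejected))
```

Later additions to the list only need new `network-object` lines inside the same group; the two deny entries stay unchanged.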