?
Solved

Importing multiple IPs and domains into a Cisco ACL via ASDM

Posted on 2013-06-26
6
Medium Priority
?
1,994 Views
Last Modified: 2013-06-26
ASDM Version: 7.1(2)

Cisco Hardware:   ASA5510

Hey folks.  I need to import and blacklist a list of varied IP addresses and domains.  No traffic in from them, no traffic out to them.

My questions:

1. In what format, and inside what file type, can I import these individual domains and IP addresses all at the same time (as a network object, or... what)?

2. What is best practice (and how exactly do I) import this list into a rule?

Thanks for your attention.
0
Comment
Question by:Demolay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39278161
I'm not very experienced with blocking domain names, but below is a good link on how it's done.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

As far as IP's go, I've never done a bulk import using ASDM nor do I believe that function specifically exists. The easiest way you will be able to get the results you want is to go with object groups. I would add an ACL line to your inbound and outbound ACL's for any taffic going to/from the object group. Then you just need to add all the ip's/networks to the object group and it will block them both directions. This can be done via command line or ASDM, but it is not considered a "bulk import".
0
 

Author Comment

by:Demolay
ID: 39278228
Unfortunately, the list is *very* long and entering them manually is out of the question.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 2000 total points
ID: 39278655
With command line this shouldn't be too bad of a task. If you are uncomfortable with CLI, you could start off with ASDM to make the object group (and you only need to enter 1 object in the group initially), and then setup the ACL lines. From there you can copy/paste in CLI. You might need to get notepad out and do some edit/replace, or in some cases I've used a combination of excel and notepad in order to get additional text.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:Demolay
ID: 39278981
Great, that's helpful.  Can you point me towards a helpful CLI guide?
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 39279304
for your case, it might be easier to post a portion of your configuration and we can show you how to make the right changes.

In the ASDM, go to tools --> command line interface
Do a single line command "show run | inc access-group|access-list"

Mask any entry that would identify the company with something like XXXX or xx.xx.xx.xx. This output will show us the ACL's in use and the interfaces they are applied and we can then show what it takes to make the ACL entries and object groups.
0
 

Author Closing Comment

by:Demolay
ID: 39280071
Thank  you!
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question