Blocking IP on Cisco ASA Firewall

Sample ACL:
 
access-list OUTSIDE-IN-ACL extended deny tcp any any eq 3306
access-list OUTSIDE-IN-ACL extended deny tcp any any eq telnet
access-list OUTSIDE-IN-ACL extended permit icmp any any -> 3rd line

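To block 70.70.70.210, put the following entry in front of your 3rd line "... permit icmp any any":

access-list OUTSIDE-IN-ACL extended deny ip host 70.70.70.210 any

The ASA checks ACL entries from the top and stops at the first match, so the deny has to come before the permit.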

If you are going to have a lot of these, maybe do:

object-group network BLACKLIST
  network-object host 70.70.70.210
  network-object host another.bad.ip.here
  network-object entire.dubious.subnet.here 255.255.255.0

access-list OUTSIDE-IN-ACL extended deny ip object-group BLACKLIST any
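
When the list grows, the object-group is easier to generate than to type. The script below is an added example, not part of the original post: it turns a mixed list of hosts and CIDR blocks into the BLACKLIST group and the deny entry. The sample feed, the /8 width limit and the use of `line 3` (matching the 3-line sample ACL above) are assumptions.

```python
import ipaddress

# Constructed sample feed: 70.70.70.210 is the page's host, the rest are documentation ranges.
SAMPLE = ["70.70.70.210", "198.51.100.0/24", "198.51.100.17", "203.0.113.5",
          "70.70.70.210", "0.0.0.0/0", "not-an-ip", "2001:db8::1"]

MIN_PREFIX = 8  # assumption: refuse anything wider than a /8 so a typo cannot block everything

def build_blacklist(entries, group="BLACKLIST", acl="OUTSIDE-IN-ACL", line=3):
    """Return (config_lines, rejected_entries) for an ASA object-group deny."""
    nets, rejected = [], []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            # strict parsing rejects host bits under a mask, e.g. 198.51.100.17/24
            net = ipaddress.ip_network(text)
        except ValueError:
            rejected.append(text)
            continue
        # network-object with a dotted mask is IPv4 syntax, so IPv6 is rejected here
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            rejected.append(text)
            continue
        nets.append(net)
    if not nets:
        return [], rejected
    config = [f"object-group network {group}"]
    # collapse_addresses drops duplicates and hosts already covered by a listed subnet
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            config.append(f"  network-object host {net.network_address}")
        else:
            config.append(f"  network-object {net.network_address} {net.netmask}")
    # "line N" inserts the entry at position N instead of appending it to the ACL
    config.append(f"access-list {acl} line {line} extended deny ip object-group {group} any")
    return config, rejected

if __name__ == "__main__":
    config, rejected = build_blacklist(SAMPLE)
    print("\n".join(config))
    for bad in rejected:
        print(f"! rejected: {bad}")
```

Review the rejected entries before pasting the output; anything listed there was left out of the group.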
