https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210164#M349040 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I imagine that you mean you configure an <STRONG>"object-group network <NAME>"</NAME></STRONG> for each rule you configure on the ASA?</P><P></P><P>Or are you referring to the <STRONG>"name x.x.x.x <NAME>"</NAME></STRONG> which pairs an IP address with a "name" that will very commonly show up on the ASDM side?</P><P></P><P>Starting from software level 8.4(2) you are able to use a FQDN inside an <STRONG>"object network"</STRONG>&nbsp; (object network was introduced in 8.3(1))and create rules based on names. For this to work you will also configure ASAs "outside" interface with&nbsp; DNS Domain Lookup so that the ASA can resolve the DNS name to an IP address.</P><P></P><P>When the above is setup and working the ASA will actually update the ACL rule using the FQDN according to the DNS Domain Lookups it does regularly.</P><P></P><P>Though to my understanding this has its problems and flaws but just though I'd mention as you can build these rules in newer software compared to your 8.0 version.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 29 May 2013 15:30:49 GMT Jouni Forss 2013-05-29T15:30:49Z https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210163#M349039 <P>&nbsp; I have a simple problem.. We have a pair of ASA&nbsp; running 8.0 (old) version. </P><P></P><P>The way we create outbound rules is done through ASDM and when we need to open outbound connections to a server in the internet, we create named object with IP address configured manually.</P><P></P><P>But practically , this doesnt work, since&nbsp; the server is a server name which can resolve to multiple addresses. Everytime the server chagnes its IP the ASA rule needs to be updated.</P><P></P><P>Is there a difference if we add rules through CMD prompt as against ASDM where we need to enter IP addresses?</P><P></P><P>Thanks for helping me out..</P> Tue, 12 Mar 2019 01:50:46 GMT https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210163#M349039 TGF_Cisco 2019-03-12T01:50:46Z https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210164#M349040 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I imagine that you mean you configure an <STRONG>"object-group network <NAME>"</NAME></STRONG> for each rule you configure on the ASA?</P><P></P><P>Or are you referring to the <STRONG>"name x.x.x.x <NAME>"</NAME></STRONG> which pairs an IP address with a "name" that will very commonly show up on the ASDM side?</P><P></P><P>Starting from software level 8.4(2) you are able to use a FQDN inside an <STRONG>"object network"</STRONG>&nbsp; (object network was introduced in 8.3(1))and create rules based on names. For this to work you will also configure ASAs "outside" interface with&nbsp; DNS Domain Lookup so that the ASA can resolve the DNS name to an IP address.</P><P></P><P>When the above is setup and working the ASA will actually update the ACL rule using the FQDN according to the DNS Domain Lookups it does regularly.</P><P></P><P>Though to my understanding this has its problems and flaws but just though I'd mention as you can build these rules in newer software compared to your 8.0 version.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 29 May 2013 15:30:49 GMT https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210164#M349040 Jouni Forss 2013-05-29T15:30:49Z https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210165#M349041 <HTML><HEAD></HEAD><BODY><P>Here is a link to a document here on the CSC that has information about the thing I mentioned above</P><P></P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-17014">https://supportforums.cisco.com/docs/DOC-17014</A></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 29 May 2013 15:34:14 GMT https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210165#M349041 Jouni Forss 2013-05-29T15:34:14Z https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210166#M349042 <HTML><HEAD></HEAD><BODY><P>The underlying function will be the same, regardless if you use CLI or ASDM. The only solution would be to upgrade to at least version 8.4 where you can use FQDNs in ACLs that are resolved to IP-addresses at runtime.</P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Wed, 29 May 2013 15:38:55 GMT https://community.cisco.com/t5/network-security/asa-5520-name-resolution/m-p/2210166#M349042 Karsten Iwen 2013-05-29T15:38:55Z