
Route Based VPNs on ASA 5545 VTI tunnel

fcardoso
Level 1

Hi, 

-I tried to configure the interface tunnel on ASA5545 side:

"interface Tunnel1
nameif xxx
ip address 192.168.0.1 255.255.255.252
tunnel source interface outside
tunnel destination example.dnip.xx.com 
ERROR: % Invalid Hostname"

It is giving the error "Invalid Hostname".

-But if I do a ping from the ASA5545 to "example.dnip.xx.com", it resolves the name and the pings work.

-My DNS configuration is:

DNS server-group DefaultDNS
name-server 8.8.8.8

dns domain-lookup outside

-How can I resolve this issue?

Best Regards

Fernando

2 REPLIES

M02@rt37
VIP

Hello @fcardoso,

Check here:

https://community.cisco.com/t5/network-security/site-to-site-tunnel-with-fqdn/td-p/1266527

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hello M02@rt37 

I checked your post and another post, https://community.cisco.com/t5/security-knowledge-base/using-hostnames-dns-in-access-lists-configuration-steps-caveats/ta-p/3123480/page/2, and I did the following conf:

Create the FQDN object for the host name in question:

object network obj.example.dnip.com
fqdn example.dnip.xx.com

Add the FQDN Object to an ACL:

access-list outside_access_in extended deny ip any object obj.example.dnip.com
access-list outside_access_in extended permit ip any any

-If I verify the ACL and the DNS, they seem to be OK:

show access-list outside_access_in

access-list outside_access_in line 3 extended deny ip any object obj.example.dnip.com (hitcnt=0)
access-list outside_access_in line 3 extended deny ip any fqdn example.dnip.xx.com (resolved)
access-list outside_access_in line 3 extended deny ip any host xxx.xxx.xxx.xxx (example.dnip.xx.com)

and 

sh dns
Name: example.dnip.xx.com
Address: xxx.xxx.xxx.xxx TTL 00:01:57

- But unfortunately the problem continues, I can't configure the tunnel destination using the hostname... Any idea?

Thanks

Fernando