
Allow a single computer access to www.noaa.gov

kdell0001
Level 1

We have a group of computers denied access outside our network with an access rule set up on our ASA5515. This rule keeps all computers within a certain subnet from having internet access outside the firewall. We want to set up 1 computer to have access to the weather information at www.noaa.gov; I do not have an IP address that will access this website.

 

Is there a way to set an access rule to use the website name instead of the ip address? 

 

Thanks in advance.

1 Accepted Solution

Accepted Solutions

cisconspasov  

You don't need to resort to regex. You can use an FQDN in an ACL as long as you have defined a working DNS server for the ASA to use.

We usually don't do it or recommend it since we generally don't want to slow down the ASA by having it do DNS lookups, but it should work OK for a single host.

kdell0001  

Here's the reference from the configuration guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html#ID-2069-00000206
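
The FQDN-in-ACL approach from the accepted answer, as an added configuration sketch that is not part of the original posts. The interface names (`inside`, `outside`), the ACL name `INSIDE_IN`, the object names, the PC address `10.10.20.25` and the DNS server `192.0.2.53` are assumptions; substitute the values from your own configuration, and note that it assumes the existing deny rule lives in an ACL applied inbound on the inside interface.

```cisco
! Added example: all names and addresses below are placeholders.

! 1. Let the ASA itself resolve names (required for FQDN objects).
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53

! 2. The one workstation that is allowed out.
object network WEATHER-PC
 host 10.10.20.25

! 3. The destination, defined by name instead of by IP address.
object network OBJ-NOAA
 fqdn v4 www.noaa.gov

! 4. Permit only that host to only that FQDN, web ports only.
!    "line 1" / "line 2" place the entries at the top of the ACL so they
!    are evaluated before the existing deny for the subnet.
access-list INSIDE_IN line 1 extended permit tcp object WEATHER-PC object OBJ-NOAA eq www
access-list INSIDE_IN line 2 extended permit tcp object WEATHER-PC object OBJ-NOAA eq https

! 5. Verify: the ASA must show resolved addresses for the FQDN, and the
!    ACL entries expand to those addresses with hit counts once the PC browses.
!      show dns
!      show access-list INSIDE_IN
```

The ASA matches on the addresses it resolved itself, so the workstation should use a resolver that returns the same answers; it also still needs a working path to its own DNS server. Pages that load content from other hostnames need a matching object and ACL entry for each of those names.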


3 Replies

nspasov
Cisco Employee

You can accomplish this by creating an inspection policy for HTTP and some regex. For more info, check the following link:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100535-asa-8x-regex-config.html

Thank you for rating helpful posts!

Heeey now, no need to bash my regex solution. Some of us like regex :)

Btw, I think we can all agree that getting URL filtering with FirePOWER would be a much cleaner solution and not that expensive!
