
Welcome to Cisco Firewalls Community



sh DNS info: no activated FQDN

Hello everybody,

I have an ASA 5520 that is running 8.4(2) VPN Plus license.

My aim is to block facebook.com for the inside network. Below is what I configured:

" dns domain-lookup outside

dns server-group DefaultDNS

name-server 4.2.2.2

name-server 8.8.8.8

object network OBJ-FB.COM

fqdn www.facebook.com

access-list ACL-INSIDE line 1 extended deny ip any object OBJ-FB.COM"

The output I receive for show access-list and show dns is:

SA(config)# sh access-list

access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)

            alert-interval 300

access-list ACL-INSIDE; 2 elements; name hash: 0xfb5f17a8

access-list ACL-INSIDE line 1 extended deny ip any object OBJ-FB.COM 0x797712ab

access-list ACL-INSIDE line 1 extended deny ip any fqdn www.facebook.com (unresolved) (inactive) 0xcb722ebf

access-list ACL-INSIDE line 2 extended permit ip any any (hitcnt=0) 0x2ed1288c

ASA(config)# sh dns

INFO: no activated FQDN

Could someone explain to me what is happening? Why is the FQDN not activated?

Thank you in advance!

Awais
