01-10-2014 06:01 AM - edited 03-11-2019 08:28 PM
Hey everyone,
Can anyone suggest a proper procedure for allowing external access through the ASA using FQDN? We are in the process of moving an internally hosted system to the cloud (external hosting) and the option of filtering via IP address is not available. I realize that ASA 8.4 as the added feature of filtering based on DNS name, but how can this be achieved in pre-8.4 ASA versions?
Thanks
01-10-2014 08:30 AM
Hello,
It cannot be done.
You could filter HTTP traffic locally using the header host - URI but you cannot filter based on that bud unless running
8.4(2) or higher.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
01-10-2014 01:36 PM
I actually found the answer here:
https://supportforums.cisco.com/thread/2159975
That's funny, Julio, you're the one who actually provided this solution.
Access-list test permit tcp any any eq 80
Regex google \.google\.com
policy-map type inspect http GOOGLE
parameters
match not request header host regex GOOGLE
reset log
class-map TEST
match access-list test
policy-map global_policy
class TEST
inspect http GOOGLE
I have not tested it, but Adam seemed to have marked it as his solution.
01-10-2014 01:41 PM
Hello,
Yeah man haha but again as I said on this post (the one you created) it will only work for HTTP access.
If that's what you are looking for as I said
You could filter HTTP traffic locally using the header host - URI
That's the only option for you right now and that's what I have proposed on Adam's solution.
If U do not have any other query please mark this as answered as well.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide