Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

974
Views
0
Helpful
3
Replies
Ali Razavi
Beginner
Beginner
‎01-10-2014 06:01 AM
‎01-10-2014 06:01 AM

Access Control on ASA 8.2 Using FQDN

Hey everyone,

Can anyone suggest a proper procedure for allowing external access through the ASA using FQDN?  We are in the process of moving an internally hosted system to the cloud (external hosting) and the option of filtering via IP address is not available.  I realize that ASA 8.4 as the added feature of filtering based on DNS name, but how can this be achieved in pre-8.4 ASA versions?

Thanks

Labels:
0 Helpful
3 REPLIES 3
Julio Carvajal
Advisor
Advisor
‎01-10-2014 08:30 AM
‎01-10-2014 08:30 AM

Hello,

It cannot be done.

You could filter HTTP traffic locally using the header host - URI but you cannot filter based on that bud unless running

8.4(2) or higher.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Ali Razavi
Beginner
Beginner
‎01-10-2014 01:36 PM
‎01-10-2014 01:36 PM

I actually found the answer here:

https://supportforums.cisco.com/thread/2159975

That's funny, Julio, you're the one who actually provided this solution.

Access-list test permit tcp any any eq 80

Regex google  \.google\.com

policy-map type inspect http GOOGLE

parameters

match not request header host regex GOOGLE

  reset log

class-map TEST

match access-list test

policy-map global_policy

class TEST

inspect http GOOGLE

I have not tested it, but Adam seemed to have marked it as his solution.

0 Helpful
Julio Carvajal
Advisor
Advisor
In response to Ali Razavi
‎01-10-2014 01:41 PM
‎01-10-2014 01:41 PM

Hello,

Yeah man haha but again as I said on this post (the one you created) it will only work for HTTP access.

If that's what you are looking for as I said

You could filter HTTP traffic locally using the header host - URI

That's the only option for you right now and that's what I have proposed on Adam's solution.

If U do not have any other query please mark this as answered as well.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Latest Contents
ISE URL Redirection on IOS-XE
Created by Mohsin_Mohamed on 05-20-2022 01:04 PM
0
0
0
0
SymptomsDownloadable ACL (dACL) does not take effect on the IOS-XE Network Access DevicesDiagnosisCreating redirection ACL on the IOS-XE device failed to redirect the specified traffic for captive portal redirectionSolutionEnable device tracking, Below is... view more
Network Security All-in-one ASA FTD WSA Umbrella ISE VPN Lay...
Created by Meddane on 05-17-2022 06:18 AM
2
0
2
0
Multiple Cisco Security Technologies in a single book : ASA Firepower, WSA, Umbrella, ISE and VPN with 100 percent 100 practical scenarios with 70 Labs to cover important topics of the Cisco SCOR Exam. The best part is ISE with interesting scenarios wi... view more
Understanding IP Layer Enforcement on Cisco Umbrella
Created by Meddane on 05-17-2022 03:10 AM
0
10
0
10
Cisco Umbrella is a big DNS service that provides not only the DNS resolution but also if the hosted website is trust or malicious, the idea behind the Layer DNS Security is that the modern attacks uses the DNS in the first step either to redirect the use... view more
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad