
Access Control on ASA 8.2 Using FQDN

Ali Razavi
Level 1

Hey everyone,

Can anyone suggest a proper procedure for allowing external access through the ASA using FQDN? We are in the process of moving an internally hosted system to the cloud (external hosting) and the option of filtering via IP address is not available. I realize that ASA 8.4 has the added feature of filtering based on DNS name, but how can this be achieved in pre-8.4 ASA versions?

Thanks

3 Replies

Julio Carvajal
VIP Alumni

Hello,

It cannot be done.

You could filter HTTP traffic locally using the header host - URI but you cannot filter based on that bud unless running 8.4(2) or higher.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Ali Razavi
Level 1

I actually found the answer here:

https://supportforums.cisco.com/thread/2159975

That's funny, Julio, you're the one who actually provided this solution.

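    ! Traffic to inspect: TCP port 80
    access-list test permit tcp any any eq 80

    ! Regex object referenced by name in the inspect policy-map below
    regex GOOGLE \.google\.com

    policy-map type inspect http GOOGLE
     parameters
     ! Reset and log any request whose Host header does not match the regex
     match not request header host regex GOOGLE
      reset log

    class-map TEST
     match access-list test

    policy-map global_policy
     class TEST
      inspect http GOOGLE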

I have not tested it, but Adam seemed to have marked it as his solution.
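The Host-header check in the configuration above, modelled as an added Python example (not part of the original thread, and not ASA code). It assumes the ASA matches the regex anywhere in the Host value; `STRICT`, the function names and the sample requests are constructed for illustration.

```python
import re

# Pattern from the posted config, modelled as an unanchored search (assumption).
POSTED = re.compile(r"\.google\.com")
# Hypothetical tighter Python pattern: google.com or a subdomain, optional port.
STRICT = re.compile(r"^([a-z0-9-]+\.)*google\.com(:\d+)?$", re.IGNORECASE)


def host_header(raw_request: bytes):
    """Return the Host header value of a raw HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None


def verdict(raw_request: bytes, pattern) -> str:
    """Mirror 'match not request header host regex ...' followed by 'reset log'."""
    host = host_header(raw_request)
    # A request with no Host header is treated as a non-match (assumption).
    if host is None or not pattern.search(host):
        return "reset"
    return "allow"


# Constructed sample requests, keyed by a short label.
SAMPLES = {
    "subdomain": b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n",
    "bare-domain": b"GET / HTTP/1.1\r\nHost: google.com\r\n\r\n",
    "suffix-overmatch": b"GET / HTTP/1.1\r\nHost: www.google.com.example.net\r\n\r\n",
    "other-site": b"GET / HTTP/1.1\r\nHost: intranet.example.net\r\n\r\n",
    "no-host": b"GET / HTTP/1.0\r\nUser-Agent: test\r\n\r\n",
}


def compare():
    """Return {label: (verdict with POSTED, verdict with STRICT)}."""
    return {k: (verdict(v, POSTED), verdict(v, STRICT)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for label, (posted, strict) in compare().items():
        print(f"{label:18} posted={posted:6} strict={strict}")
```

The two rows where the verdicts differ show what the posted pattern does with a bare `google.com` Host value and with a longer hostname that merely contains `.google.com`.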

Hello,

Yeah man haha but again as I said on this post (the one you created) it will only work for HTTP access.

If that's what you are looking for, as I said:

You could filter HTTP traffic locally using the header host - URI

That's the only option for you right now and that's what I have proposed on Adam's solution.

If you do not have any other query, please mark this as answered as well.


Cheers,

Julio Carvajal Segura