Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
779
Views
0
Helpful
2
Replies

Access-list - Hostname as source

Go to solution
Tauer Drumond
Level 1
Level 1

‎08-01-2011 08:37 AM - edited ‎03-11-2019 02:06 PM

Hi all,

I have an ASA 5540 and I'd like to create a rule using a specific host name as source of the traffic, not an ip address.

Is that possible?

My firewall already resolves names to IP address so I can ping all my internal hosts by name

Thanks

Tauer

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎08-01-2011 08:56 AM

It's not possible unfortunately. If this is an address that resolves to an internet hostname, you'll need to run nslookup on that hostname to get the addresses. You can then create an object-group for ease of management. (It *might* work on the new IOS version, but I'm running 8.0x and it doesn't work.)

Example:

Hostname: bing.com

nslookup bing.com

1.1.1.1

2.2.2.2

object-group network bing.com

network host 1.1.1.1

network host 2.2.2.2

access-list INSIDE permit ip any object-group bing.com

That's the only way that I know you'd be able to do it.

The firewall will translate addresses from the CLI, but it won't do it for your hosts.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
2 Replies 2

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎08-01-2011 08:56 AM

It's not possible unfortunately. If this is an address that resolves to an internet hostname, you'll need to run nslookup on that hostname to get the addresses. You can then create an object-group for ease of management. (It *might* work on the new IOS version, but I'm running 8.0x and it doesn't work.)

Example:

Hostname: bing.com

nslookup bing.com

1.1.1.1

2.2.2.2

object-group network bing.com

network host 1.1.1.1

network host 2.2.2.2

access-list INSIDE permit ip any object-group bing.com

That's the only way that I know you'd be able to do it.

The firewall will translate addresses from the CLI, but it won't do it for your hosts.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
Tauer Drumond
Level 1
Level 1
In response to John Blakley

‎08-01-2011 09:12 AM

Hi John,

thank you so much!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card