I allow a remote user access to our network based on his static ip which he is about to loose. We have configured a dyn dns address for his changing public IP that i would like to add to our cisco.
Looking at ASDM how is it possible to allow a dyn dns address to the access list and for the ASA to update accordingly?
If you have ASA running 8.4(2) or newer software you can use FQDN in the ACL rules to allow connections based on the DNS name rather than the IP address
In this setup you will have to
Example configuration could be for example (unless I remember something wrong)
dns domain-lookup outside
dns server-group DefaultDNS
object network GOOGLE
access-list OUTSIDE-IN permit tcp object GOOGLE host eq 80
access-group OUTSIDE-IN in interface outside
So I would imagine that if your software is not the above mentioned or newer you wont be able to allow connections according to FQDN.
Hope this helps
Great post, thanks for the detail.
I'm currently running:
Cisco Adaptive Security Appliance Software Version 7.2(5)
Device Manager Version 5.2(5)
WIll i need to upgrade my appliance for this to work?
Yes, but upgrading to 8.4(2) will, unfortunately, change a lot of your configurations related to NAT in particular.
Reference this document to get a heads-up on what else will be required.
An alternative and arguably better solution to your problem is just creating a Remote Access VPN for him on the ASA, then his IP won't matter, unless I am misunderstanding how this person connects.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: