02-11-2014 08:14 AM - edited 03-11-2019 08:44 PM
Hi all.
I allow a remote user access to our network based on his static IP, which he is about to lose. We have configured a dyn DNS address for his changing public IP that I would like to add to our Cisco.
Looking at ASDM, how is it possible to allow a dyn DNS address to the access list and for the ASA to update accordingly?
Thanks.
02-11-2014 08:23 AM
Hi,
If you have an ASA running 8.4(2) or newer software, you can use FQDN in the ACL rules to allow connections based on the DNS name rather than the IP address.
In this setup you will have to
Example configuration could be for example (unless I remember something wrong)
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
object network GOOGLE
 fqdn www.google.com
access-list OUTSIDE-IN permit tcp object GOOGLE host
access-group OUTSIDE-IN in interface outside
So I would imagine that if your software is not the above mentioned or newer you won't be able to allow connections according to FQDN.
Hope this helps
- Jouni
02-11-2014 08:33 AM
Great post, thanks for the detail.
I'm currently running:
Cisco Adaptive Security Appliance Software Version 7.2(5)
Device Manager Version 5.2(5)
Will I need to upgrade my appliance for this to work?
02-12-2014 03:00 PM
Yes, but upgrading to 8.4(2) will, unfortunately, change a lot of your configurations related to NAT in particular.
Reference this document to get a heads-up on what else will be required.
https://supportforums.cisco.com/docs/DOC-12690
An alternative and arguably better solution to your problem is just creating a Remote Access VPN for him on the ASA, then his IP won't matter, unless I am misunderstanding how this person connects.
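Added example, not part of the original thread: a small Python check of `show version` output against the 8.4(2) threshold for FQDN objects mentioned above, useful when several ASAs need to be audited before planning FQDN-based rules. The device names and all sample outputs other than the 7.2(5) line quoted in the thread are constructed.

```python
import re

# Threshold taken from the thread: FQDN network objects need 8.4(2) or newer.
FQDN_MIN = (8, 4, 2, 0)

# Matches ASA version strings such as 7.2(5), 8.4(2) or 9.1(7)23 (interim build).
_VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\d+)\)(\d*)")


def parse_asa_version(show_version_text):
    """Return (major, minor, maintenance, interim) from 'show version' output."""
    m = _VERSION_RE.search(show_version_text)
    if m is None:
        raise ValueError("no ASA software version line found")
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def supports_fqdn_objects(show_version_text):
    """True when the release is at or above the 8.4(2) threshold."""
    return parse_asa_version(show_version_text) >= FQDN_MIN


def audit(devices):
    """Map each device name to (version tuple, FQDN-capable flag)."""
    report = {}
    for name, text in devices.items():
        version = parse_asa_version(text)
        report[name] = (version, version >= FQDN_MIN)
    return report


# Constructed sample outputs; the first entry uses the version quoted in the thread.
SAMPLE = {
    "asa-thread": "Cisco Adaptive Security Appliance Software Version 7.2(5)\n"
                  "Device Manager Version 5.2(5)",
    "asa-lab-1": "Cisco Adaptive Security Appliance Software Version 8.4(1)",
    "asa-lab-2": "Cisco Adaptive Security Appliance Software Version 8.4(2)",
    "asa-lab-3": "Cisco Adaptive Security Appliance Software Version 9.1(7)23",
}

if __name__ == "__main__":
    for name, (version, ok) in audit(SAMPLE).items():
        print(f"{name}: {version} fqdn-objects={'yes' if ok else 'no, upgrade needed'}")
```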