
ASA 5505 (8.2) and dyndns traffic

ariel.aguirre
Level 1

Does anyone know how to make a port forwarding from a domain name instead of an IP address through the ASA 5505 (8.2)?

In my specific case, a domain name from dyndns.

best regards,


Panos Kampanakis
Cisco Employee

Hi Ariel,

I am not sure what you want to achieve. When hitting the ASA on an IP address and port, that is what the ASA is going to translate.

Can you elaborate what you mean by "make a port forwarding from a domain name instead of an IP address"?

Rgs,

PK

ariel.aguirre
Level 1

Hi,

What I am trying to do is to configure a port forward (using static NAT and the outside int IP address) for traffic originating from a (yyy.aaesdyndns.org) address to a LAN IP address.

I have configured this using IP addresses in the whole scenario, but I don't know how to configure this using the xyz.dyndns.org address as a source address in the access rule.

best regards,

Ariel Aguirre

I see. Unfortunately you can't do it. You can't match based on a domain in ACLs or policy NAT. You can only use IP addresses.

I hope it makes sense.

PK

ariel.aguirre
Level 1

Hi,

Yes, it makes sense to me, but a customer asked me about it. I had to investigate.

best regards,

Ariel

It is good that we could clarify it.

Please mark this as answered if it is for other people's future benefit.

Take care,

PK

According to me, it is because anyone can simulate being "xyz.dyndns.org" (where xyz is a well-known address) and it would be a threat for the device.

Share your point of view.

BR

Ariel

I don't think it is a threat. I think it is a matter of efficiency, because we would need to resolve all the domains in an ACL to an IP address we can match on. It is not supported by the ASA currently.

I hope this answers the question.

PK
