05-29-2013 08:24 AM - edited 03-11-2019 06:50 PM
I have a simple problem. We have a pair of ASAs running the (old) 8.0 version.
The way we create outbound rules is through ASDM, and when we need to open outbound connections to a server on the internet, we create a named object with the IP address configured manually.
But practically, this doesn't work, since the server is a server name which can resolve to multiple addresses. Every time the server changes its IP, the ASA rule needs to be updated.
Is there a difference if we add rules through CMD prompt as against ASDM where we need to enter IP addresses?
Thanks for helping me out..
05-29-2013 08:30 AM
Hi,
I imagine that you mean you configure an "object-group network
Or are you referring to the "name x.x.x.x
Starting from software level 8.4(2) you are able to use a FQDN inside an "object network" (object network was introduced in 8.3(1)) and create rules based on names. For this to work you will also configure the ASA's "outside" interface with DNS Domain Lookup so that the ASA can resolve the DNS name to an IP address.
When the above is setup and working the ASA will actually update the ACL rule using the FQDN according to the DNS Domain Lookups it does regularly.
Though to my understanding this has its problems and flaws, I just thought I'd mention it, as you can build these rules in newer software compared to your 8.0 version.
- Jouni
05-29-2013 08:34 AM
Here is a link to a document here on the CSC that has information about the thing I mentioned above
https://supportforums.cisco.com/docs/DOC-17014
- Jouni
05-29-2013 08:38 AM
The underlying function will be the same, regardless if you use CLI or ASDM. The only solution would be to upgrade to at least version 8.4 where you can use FQDNs in ACLs that are resolved to IP-addresses at runtime.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
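For reference, the two approaches discussed in this thread side by side, as an added configuration example that is not part of any of the posts above. The object name, ACL name, hostname and all addresses are constructed placeholders (documentation ranges), and the timer values are illustrative.

```cisco
! --- 8.0 style: the rule is pinned to one manually entered address ---
! (breaks whenever the server's DNS record changes)
names
name 198.51.100.10 update-server
access-list INSIDE-OUT extended permit tcp 10.0.0.0 255.255.255.0 host update-server eq https

! --- 8.4(2) and later: the rule follows the DNS name ---
! 1. Let the ASA itself resolve names through the outside interface.
!    Point it at a resolver you control or trust: whatever this
!    resolver answers becomes a permitted destination in the ACL.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53

! 2. Control how often names are re-resolved and how long an
!    expired answer is kept before it is dropped from the ACL.
dns poll-timer minutes 240
dns expire-entry-timer minutes 1

! 3. Define the server by FQDN inside a network object.
object network OBJ-UPDATE-SERVER
 fqdn v4 updates.example.com

! 4. Reference the object in the outbound rule and apply the ACL.
access-list INSIDE-OUT extended permit tcp 10.0.0.0 255.255.255.0 object OBJ-UPDATE-SERVER eq https
access-group INSIDE-OUT in interface inside

! --- Verification ---
! show dns            lists the FQDNs and the addresses currently resolved
! show access-list    shows the ACL entry expanded to those addresses
```

Because the permitted destinations now come from DNS answers, the internal clients should use the same resolver as the ASA; otherwise a client can resolve the name to an address the firewall has not learned, and the connection is dropped.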