Hello everyone!
Our client is requesting that we enable FQDN-based ACLs (mostly because it is easier to give a URL than multiple IPs for the same URL), but when I researched it, it looks like this feature has a lot of shortcomings, as listed below. Could you please suggest what the ideal way to implement this feature would be? Honestly, I don't want to enable this and screw something else up.
I would appreciate a quick response.
- Sites returning DNS responses with a low TTL cause unpredictable access
- Multiple hostnames resolve to the same IP address
- Multiple DNS names for the same website
Below are links with detailed information.
https://supportforums.cisco.com/document/66011/using-hostnames-dns-access-lists-configuration-steps-caveats-and-troubleshooting
https://www.fir3net.com/Firewalls/Cisco/cisco-asa-domain-fqdn-based-acls.html
We have an ASA5585-SSP-20 running 9.1(x) software.
Thank You
Murali.
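The three caveats in the post all come from one mechanism: the firewall resolves the FQDN on its own schedule and turns the answer into a set of permitted IPs, while the client resolves the same name separately and connects to whatever it got. The following is an added simulation of that behaviour (not Cisco code and not from the linked documents); the hostnames, IPs and TTLs are constructed, and the `Resolver`, `FqdnAcl` and `run_scenarios` names are my own. It shows a low-TTL round-robin name being permitted only part of the time, an unrelated hostname slipping through because it shares an IP with a permitted one, and a site that breaks because only one of its DNS names is in the ACL.

```python
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class DnsAnswer:
    ips: frozenset
    ttl: int


class Resolver:
    """Constructed DNS data standing in for a public resolver (not real records)."""

    def __init__(self):
        # Low-TTL, round-robin hostname: every query returns the next IP in the pool.
        self._rr = cycle(["198.51.100.1", "198.51.100.2", "198.51.100.3"])
        self.static = {
            # Two unrelated hostnames sharing one IP (shared hosting / CDN edge).
            "allowed.example": ("203.0.113.10", 3600),
            "unrelated.example": ("203.0.113.10", 3600),
            # One web site spread over several DNS names.
            "www.site.example": ("203.0.113.20", 3600),
            "static.site.example": ("203.0.113.21", 3600),
        }

    def query(self, fqdn):
        if fqdn == "rr.example":
            return DnsAnswer(frozenset([next(self._rr)]), ttl=5)
        ip, ttl = self.static[fqdn]
        return DnsAnswer(frozenset([ip]), ttl)


class FqdnAcl:
    """Firewall-side model: permit traffic to whatever the firewall's own
    resolver returned for each permitted FQDN, cached until the TTL expires."""

    def __init__(self, permitted_fqdns, resolver):
        self.permitted = list(permitted_fqdns)
        self.resolver = resolver
        self.cache = {}  # fqdn -> (ips, expires_at)

    def refresh(self, now):
        for fqdn in self.permitted:
            entry = self.cache.get(fqdn)
            if entry is None or now >= entry[1]:
                ans = self.resolver.query(fqdn)
                self.cache[fqdn] = (ans.ips, now + ans.ttl)

    def permits(self, dst_ip, now):
        # The ACL only ever sees the destination IP, never the hostname.
        self.refresh(now)
        return any(dst_ip in ips for ips, _ in self.cache.values())


def client_connect(acl, resolver, fqdn, now):
    """Client does its own lookup, then connects to the IP it received."""
    ip = next(iter(resolver.query(fqdn).ips))
    return ip, acl.permits(ip, now)


def run_scenarios():
    results = {}

    # 1. Low TTL / round robin: firewall caches one answer, client gets others.
    r = Resolver()
    acl = FqdnAcl(["rr.example"], r)
    acl.refresh(now=0)  # firewall resolves first and caches 198.51.100.1
    results["low_ttl"] = [client_connect(acl, r, "rr.example", t)[1] for t in (1, 2, 3)]

    # 2. Shared IP: permitting one hostname permits everything on that address.
    r = Resolver()
    acl = FqdnAcl(["allowed.example"], r)
    results["shared_ip"] = client_connect(acl, r, "unrelated.example", 0)[1]

    # 3. One site, several names: only the name in the ACL works.
    r = Resolver()
    acl = FqdnAcl(["www.site.example"], r)
    results["multi_name"] = {
        name: client_connect(acl, r, name, 0)[1]
        for name in ("www.site.example", "static.site.example")
    }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The low-TTL case is the one that produces helpdesk tickets: the same user, same name, permitted on one attempt and dropped on the next, with nothing in the ACL changing. The shared-IP case is the security-relevant one, since the rule is wider than the hostname it was written for. In practice this means FQDN objects are only a reasonable fit for names that resolve to a small, stable set of addresses you can verify by resolving them repeatedly from the firewall's own DNS view before committing the rule.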