08-04-2008 03:37 AM - edited 03-11-2019 06:25 AM
Can I configure an ASA to use DNS to lookup the IP address of a URL/hostname contained in an ACL?
eg:
access-list ACL-1 extended permit tcp any host www.cisco.com
I can see that this may result in some performance issues, but is it possible?
I'm ok with the internal name table mapping names to IP, and see that the ASA can use an external DNS server to resolve a name used in a ping to a URL.
08-04-2008 07:00 AM
Andy,
As far as I am aware - you cannot do this.
Are you trying to permit or deny access to specific web sites?
HTH
08-04-2008 07:10 AM
I was coming to that conclusion, and you have confirmed it, thanks.
I'm trying to allow access to these websites; the ACL is on the inside. My customer will have to provide me with a list of IP addresses so I can map these using names.
08-04-2008 07:17 AM
Well, not necessarily - you could block/permit via a policy map using regular expressions for the domains etc. - see the below link:-
HTH
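Added example, not part of the original thread: a sketch of the static approach discussed above, turning a customer-supplied hostname-to-address list into ASA `name` entries plus ACL lines in the same form as the question's ACL-1. The hostnames and addresses are constructed (documentation ranges), the `-N` suffix for hosts with several addresses is a hypothetical naming scheme, and the accepted-character check for names is an assumption to verify against your ASA version.

```python
import ipaddress
import re

# Assumption: characters/length accepted for an ASA name alias; verify per version.
NAME_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")

# Constructed sample input: what the customer would hand over.
SAMPLE = {
    "www.example.com": ["192.0.2.10"],
    "portal.example.net": ["198.51.100.7", "198.51.100.6", "198.51.100.7"],
}

def build_asa_config(resolved, acl="ACL-1"):
    """resolved: {hostname: [IPv4 strings]} -> list of ASA config lines."""
    name_lines, acl_lines = ["names"], []
    seen = set()  # addresses already permitted, so shared IPs are defined once
    for host in sorted(resolved):
        # IPv4Address() raises ValueError on anything that is not a valid address
        addrs = sorted({ipaddress.IPv4Address(a) for a in resolved[host]})
        if not addrs:
            raise ValueError(f"no addresses supplied for {host}")
        for n, ip in enumerate(addrs, start=1):
            if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
                raise ValueError(f"refusing {ip} for {host}")
            # A name maps to one address, so multi-address hosts get one alias each
            alias = host if len(addrs) == 1 else f"{host}-{n}"
            if not NAME_OK.match(alias):
                raise ValueError(f"unusable name: {alias!r}")
            if ip in seen:
                continue
            seen.add(ip)
            name_lines.append(f"name {ip} {alias}")
            acl_lines.append(
                f"access-list {acl} extended permit tcp any host {alias}")
    return name_lines + acl_lines

if __name__ == "__main__":
    print("\n".join(build_asa_config(SAMPLE)))
```

The output is only as current as the supplied list: when a site changes addresses, the list has to be regenerated and the old `name` and ACL entries removed.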