01-21-2014 01:46 PM - edited 03-11-2019 08:33 PM
Hey all,
I will begin by telling you what my end goal is: I am trying to block specific websites on our Cisco ASA 5525 using FQDN. I know that this functionality for DNS resolution was not implemented until a specific version.
Current Version: Cisco ASA 5525
ASA Version: 8.6(1)
I can ping external addresses from the ASA; however, I cannot ping hostnames. For example, "ping google.ca" does not work.
What I've done.
dns domain-lookup inside
dns domain-lookup outside
name-server x.x.x.x (Primary internal dns server)
name-server x.x.x.x (Secondary internal dns server)
name-server 8.8.8.8 (Google external dns server)
name-server 8.8.4.4 (Google external dns server)
domain-name example.com
With this config I can, however, ping hostnames of internal servers.
This is an example of me pinging an external hostname.
ciscoasa# ping google.ca
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:f8b0:4009:803::101f, timeout is 2 seconds:
No route to host 2607:f8b0:4009:803::101f
Success rate is 0 percent (0/1)
Any ideas?
Thanks!
01-22-2014 12:20 AM
Hi Jonathan,
Could you try adding them using the default DNS group?
dns server-group DefaultDNS
name-server x.x.x.x
name-server 8.8.8.8
name-server 8.8.4.4
domain-name example.com
01-22-2014 05:53 AM
Hi John,
Thanks for your quick reply.
I forgot to mention that I was already adding the name servers and domain name to the DefaultDNS group, though I did remove my secondary internal DNS server to reflect exactly what you sent to me. Unfortunately, still no luck.
01-22-2014 06:43 AM
Hi,
Could you post 'ping www.google.com' and 'show route' output?
Sent from Cisco Technical Support iPhone App
01-22-2014 12:29 PM
officeasa# ping www.google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:f8b0:4009:802::1012, timeout is 2 seconds:
No route to host 2607:f8b0:4009:802::1012
Success rate is 0 percent (0/1)
John, due to the sensitive nature of what is displayed within the show route output, is there any other information I can tell you? What exactly did you need to see from this information?
(I know without certain information you cannot help but I need to ensure security on my end)
Thanks for understanding.
01-24-2014 07:14 AM
Any other ideas, guys?