Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
914
Views
0
Helpful
8
Replies

How to make rule policy source-ip or destination-ip with naming URL

jewfcb001
Level 4
Level 4

‎12-03-2021 02:19 AM

Hi Everyone ,

 

I would like to know ASA firewall can make rule policy source-ip or destination-ip with naming URL or can define object group for URL 

example 

object network A
host test.local

 

access-list Test extended permit tcp host x.x.x.x  object-group A 

 

 

 

 

0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎12-03-2021 02:30 AM

Look at the below exmaple (is this help you ?)

 

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/216553-understand-the-working-of-dns-on-asa-whe.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jewfcb001
Level 4
Level 4
In response to balaji.bandi

‎12-03-2021 02:37 AM

@balaji.bandi 

 

Hi balaji 

Thank you for information . I think the information will create object for FQDN but Can we create policy with FQDN or not and contain

source-ip or destination-ip 

 

Following example below. 

access-list Test extended permit tcp host x.x.x.x  test.local.com 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jewfcb001

‎12-03-2021 02:50 AM

You can create a policy with FQDN (since the IP keep changing, that is the main goal here to use FQDN)

 

if the know fixed IP never change, then i will use IP address

 

it all depends on use case.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jewfcb001
Level 4
Level 4
In response to balaji.bandi

‎12-03-2021 03:25 AM

@balaji.bandi 

 

Hi balaji 

 

Thank you for information. I have a small question about  how long cache ip store in ASA and how many maximum for configure dns ip and can we use proxy dns ? I cannot found the more information about  ASA when FQDN object

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jewfcb001

‎12-03-2021 04:23 AM

DNS depends on TTL, as long as it resolves the DNS i do not see any issue here.

 

I cannot found the more information about  ASA when FQDN object

what information you looking : check the below example : (is this what you looking or something else ?)

 

https://www.fir3net.com/Firewalls/Cisco/cisco-asa-domain-fqdn-based-acls.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jewfcb001
Level 4
Level 4
In response to balaji.bandi

‎12-03-2021 05:02 AM

@balaji.bandi 

I looking for the official document in Cisco.com

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jewfcb001

‎12-03-2021 05:42 AM 

I looking for the official document in Cisco.com

the Orginal reply come from Cisco.com only ? not sure what you looking again.

 

Read the configuration guide the ASA Code you using.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jewfcb001
Level 4
Level 4
In response to balaji.bandi

‎12-03-2021 05:47 AM

@balaji.bandi 

 

Thank you for answer . I will check with configuration guide on ASA again .

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card