02-25-2013 01:53 AM - edited 03-11-2019 06:04 PM
Hello,
Here is a short explain:
Extended IP access list DANGEOURS_WEBSITES
deny tcp any host www.badsite.hu eq ww 443
permit ip any any
Translating "www.badsite.hu"...domain server (90.0.0.100)
After the translation:
Extended IP access list DANGEOURS_WEBSITES
10 deny tcp any host 90.0.0.100 eq www 443
20 permit ip any any (621 matches)
Is that possible to force the router to check the IP address of hostname in every hour or on every attempt etc..?
02-25-2013 02:34 AM
As far as i know, ISRs doesn't support dynamic resolution of domain names. Router resolves name to ip when you configure ACE in ACL, and then, in running config it puts resolved IP-addresses.
This feature works just like you want with ASA, but not with ISR.
02-25-2013 04:40 AM
Thank you, i'll try it!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide