Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
3
Replies

PIX DNS/Hostname Blocking/Configuration

woodp
Level 1
Level 1

‎05-19-2003 01:19 PM - edited ‎02-20-2020 10:45 PM

I started out on a mission to block instant messaging- (AIM, Yahoo, MSN)

To avoid an endless list of IP's, I was planning on blocking the login servers by DNS name. I soon discovered that our PIX cannot resolve any hostnames. It can ping to the outside world just fine, but it cannot ping any hostname, including itself. DNS server configuration seems to be a different beast altogether on PIX.

Am I missing something? How should I go about making this possible?

Thanks!

-Paul

Some brief info:

Cisco PIX Firewall Version 6.2(2)

Cisco PIX Device Manager Version 2.1(1)

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0 Helpful
3 Replies 3

mhoda
Level 5
Level 5

‎05-19-2003 03:38 PM

Hi Paul,

No, you are right.

Unlike router, you cannot configure PIX to use any DNS server for name ressolution. But, what you can do though is use the following command to name your ips:

name

So, if you define, name www.test.com 10.1.1.1 then you can ping this address by the www.test.com. No need to use the ip address.

But, defining a seperate dns server for name ressolution is not possible on the PIX Firewall.

I hope this answers your question. Thanks,

Mynul

0 Helpful

woodp
Level 1
Level 1
In response to mhoda

‎05-19-2003 04:43 PM

I see. So what is the best way to deal with restricting access to DNS names that resolve to multiple and/or dynamic IP's?

Are there any alternatives to manually maintaining a host file/access list?

Thanks for your help!

-P

0 Helpful

mhoda
Level 5
Level 5
In response to woodp

‎05-19-2003 07:48 PM

Hi,

The best and only solution is to use url filtering. You can filter the web traffic based on domain name, ip addresses or specific keyword etc...

Here is the a link that explains:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008c103.html#xtocid9

With the newer version of Pix code, this feature has been improved a lot. Please refer to the command reference of the version you are running. PIX can support web sense and N2H2 url filtering server.

Unlike NBAR feature on the router, PIX cannot do similiar things like packet marking and dropping rather it relies on external web filtering servers like Web Sense or N2H2.

I hope this helps ! Thanks,

Mynul

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card