04-02-2008 01:25 PM - edited 03-11-2019 05:26 AM
Hello,
one silly question - is it possible to specify DNS name in ACL on ASA? e.g.
access-list ACL-TEST extended permit tcp any host www.example.com eq ssh
If it is not possible - any plans to add that feature? Can be really useful for outbound restrictions.
04-02-2008 01:34 PM
No it is not possible with Pix or ASA.
if you want that feature, go with Checkpoint
or Juniper.
04-03-2008 08:00 AM
You can match and drop traffic using application inspection. Setup a HTTP inpsection policy and use regex to match the URL and set it to drop. See Link.
Easier way would be to setup websense or N2H proxies that the ASA could check against.
Hope this helps.
Chad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide