
URL access using ASA firewall

Naren naren
Level 1

Hello Friends,

Here is my situation: one of our application teams needs to access the external (public) vendor database from an internal database server using a range of ports, e.g. 5000 to 5050.

The application requirement is that x.x.x.x.com and ports 5000 to 5050 need to be allowed in the firewall to sync with the external (public) vendor database.

Somehow I got a few A-record IPs for x.x.x.x.com, but x.x.x.x.com still has many A records. If I allow access in the ASA only for the few IPs that I found in the DNS lookup, it works only for a few hours, a few minutes, or a few days.

If I allow any IP with ports 5000 to 5050, it works every time.

I understand the concept that x.x.x.x.com may be load-balanced using many IPs, but is there any way in the ASA firewall, or any such device, to allow access for a single URL for a range of ports?

Please help me out...

Regards,

Naren

1 Reply

mirober2
Cisco Employee

Hi Naren,

Unfortunately, there is no way to use a URL or domain name in an access list. You'll need to ask the vendor to provide you with a complete list of IP addresses that will be used by x.x.x.x.com. The only other solution would be to permit all IP addresses for the 5000 - 5050 port range, as you've already mentioned.

Hope that helps.

-Mike
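The intermittent failures described in the question can be audited by comparing what DNS returns over time with what the access list permits. The following is an added example, not part of the original thread; the addresses, timestamps and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, not values from the thread).
PERMITTED = ["192.0.2.10", "192.0.2.11", "198.51.100.0/28"]  # what the ACL allows
SNAPSHOTS = [  # (time of lookup, A records returned at that time)
    ("2024-01-01T00:00", ["192.0.2.10", "192.0.2.11"]),
    ("2024-01-01T06:00", ["192.0.2.11", "198.51.100.5"]),
    ("2024-01-02T00:00", ["203.0.113.7", "192.0.2.10"]),
    ("2024-01-03T00:00", ["203.0.113.7", "203.0.113.8"]),
]


def resolve_a(name):
    """Optional live lookup to build a snapshot; not called by the sample run."""
    return sorted(socket.gethostbyname_ex(name)[2])


def coverage_report(permitted, snapshots):
    """Compare each DNS snapshot with the permitted hosts and networks."""
    nets = [ipaddress.ip_network(p, strict=False) for p in permitted]
    first_seen, partial, outage = {}, [], []
    for ts, answers in snapshots:
        misses = [a for a in answers
                  if not any(ipaddress.ip_address(a) in n for n in nets)]
        for addr in misses:
            first_seen.setdefault(addr, ts)  # remember when it first appeared
        if misses and len(misses) == len(answers):
            outage.append(ts)    # every answer is blocked: the sync fails
        elif misses:
            partial.append(ts)   # works only if the client picks a permitted answer
    return {"uncovered": first_seen, "partial": partial, "outage": outage}


if __name__ == "__main__":
    report = coverage_report(PERMITTED, SNAPSHOTS)
    for addr, ts in report["uncovered"].items():
        print(f"{addr} not permitted, first returned by DNS at {ts}")
    print("partially blocked lookups:", report["partial"])
    print("fully blocked lookups:", report["outage"])
```

The list of uncovered addresses is evidence to send to the vendor when requesting the complete address list, rather than a substitute for it.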
