03-01-2022 08:40 PM - edited 03-01-2022 10:54 PM
Is it possible with Cisco IOS (15.5) to route HTTPS traffic based on the FQDN?
For example:
- direct mail.abc.com:443 to host 192.168.1.1
- direct abc.com:443 or www.abc.com:443 to host 192.168.1.2
03-02-2022 12:16 AM
Hello,
Check whether the configuration below works:
ip domain-lookup
ip name-server 8.8.8.8
!
access-list 101 permit tcp host mail.abc.com any eq 443
access-list 102 permit tcp host www.abc.com any eq 443
access-list 103 permit tcp host abc.com any eq 443
!
route-map FQDN_REDIRECT permit 10
 match ip address 101
 set ip next-hop 192.168.1.1
!
route-map FQDN_REDIRECT permit 20
 match ip address 102
 set ip next-hop 192.168.1.2
!
route-map FQDN_REDIRECT permit 30
 match ip address 103
 set ip next-hop 192.168.1.2
!
! PBR only takes effect once the route-map is applied on the interface
! that receives the traffic (the interface name here is a placeholder)
interface GigabitEthernet0/0
 ip policy route-map FQDN_REDIRECT
03-02-2022 02:47 AM
That looks nice; however, when typing the permit, IOS says "Translating 'mail.abc.com'...domain server (8.8.8.8) [OK]" and the access list reads "permit tcp host 1.2.3.4 any eq 443". This won't work in my example because the abc.com hosts resolve to the same IP address.
I found this explanation: https://blog.ipspace.net/2008/11/using-hostnames-in-ip-access-lists.html
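Added example, not from the thread or from Cisco: a small Python script that mimics what IOS does when a hostname appears in an ACL, resolving each name once at entry time and storing the address, then reports which FQDNs collapse onto one address and which route-map sequence would actually win for that address. The FQDNs and next hops are the ones from the question; the DNS answers in SAMPLE_DNS are constructed, and dropping the resolver argument uses the real system resolver instead.

```python
import socket
from collections import defaultdict

# Desired policy from the thread: HTTPS to this FQDN should go to this next hop.
POLICY = {"mail.abc.com": "192.168.1.1", "www.abc.com": "192.168.1.2", "abc.com": "192.168.1.2"}

# Constructed sample answers (not real DNS data): all three names share one
# address, which is the situation the follow-up post reports.
SAMPLE_DNS = {"mail.abc.com": "1.2.3.4", "www.abc.com": "1.2.3.4", "abc.com": "1.2.3.4"}


def resolve_acls(policy, resolver=socket.gethostbyname, first_acl=101):
    """Mimic IOS: a hostname in an ACL line is looked up once, when the line is
    entered, and the line is stored with the address, not the name."""
    acls = []
    for n, (fqdn, next_hop) in enumerate(policy.items()):
        ip = resolver(fqdn)
        acls.append({"acl": first_acl + n, "fqdn": fqdn, "ip": ip, "next_hop": next_hop,
                     # Same form as the stored line quoted in the thread.
                     "line": f"access-list {first_acl + n} permit tcp host {ip} any eq 443"})
    return acls


def find_conflicts(acls):
    """Addresses onto which FQDNs with different next hops collapse; PBR
    cannot tell those flows apart because it only sees the address."""
    by_ip = defaultdict(list)
    for entry in acls:
        by_ip[entry["ip"]].append(entry)
    return {ip: ents for ip, ents in by_ip.items()
            if len({e["next_hop"] for e in ents}) > 1}


def effective_next_hop(acls, ip):
    """The first route-map sequence whose ACL matches the address wins."""
    for entry in acls:  # acls are in ACL-number / sequence order
        if entry["ip"] == ip:
            return entry["next_hop"]
    return None


if __name__ == "__main__":
    acls = resolve_acls(POLICY, SAMPLE_DNS.get)  # drop the resolver arg for live DNS
    for entry in acls:
        print(entry["line"])
    for ip, ents in find_conflicts(acls).items():
        names = ", ".join(e["fqdn"] for e in ents)
        print(f"conflict: {names} resolve to {ip}; all go to {effective_next_hop(acls, ip)}")
```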