
Routing https traffic with FQDN

Brian Taylor
Level 1

Is it possible with Cisco IOS (15.5) to route HTTPS traffic based on the FQDN?

For example:

- direct mail.abc.com:443 to host 192.168.1.1

- direct abc.com:443 or www.abc.com:443 to host 192.168.1.2

 

 

2 Replies

Hello,

 

Check if the below works:

 

ip domain-lookup
ip name-server 8.8.8.8
!
access-list 101 permit tcp host mail.abc.com any eq 443
access-list 102 permit tcp host www.abc.com any eq 443
access-list 103 permit tcp host abc.com any eq 443
!
route-map FQDN_REDIRECT permit 10
match ip address 101
set ip next 192.168.1.1
!
route-map FQDN_REDIRECT permit 20
match ip address 102
set ip next 192.168.1.2
!
route-map FQDN_REDIRECT permit 30
match ip address 103
set ip next 192.168.1.2

That looks nice; however, when typing the permit, the IOS says "Translating 'mail.abc.com'...domain server (8.8.8.8) [OK]" and the access reads "permit tcp host 1.2.3.4 any eq 443". This won't work in my example because the abc.com hosts resolve to the same IP address.

I found this explanation: https://blog.ipspace.net/2008/11/using-hostnames-in-ip-access-lists.html
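The behaviour reported in the reply above, modelled as an added example (not code from the thread or from Cisco): hostnames in the ACL are replaced by their resolved address when the line is entered, so the three access lists become identical and only the first route-map clause can ever match. The DNS answers are constructed, the function names are hypothetical, and each ACL is reduced to the single address and port it tests.

```python
import re

# Constructed inputs: every name resolves to 1.2.3.4; config as typed in the thread.
DNS = {n: "1.2.3.4" for n in ("mail.abc.com", "www.abc.com", "abc.com")}
CONFIG = """\
access-list 101 permit tcp host mail.abc.com any eq 443
access-list 102 permit tcp host www.abc.com any eq 443
access-list 103 permit tcp host abc.com any eq 443
route-map FQDN_REDIRECT permit 10
match ip address 101
set ip next-hop 192.168.1.1
route-map FQDN_REDIRECT permit 20
match ip address 102
set ip next-hop 192.168.1.2
route-map FQDN_REDIRECT permit 30
match ip address 103
set ip next-hop 192.168.1.2
"""

def stored_config(text, dns):
    """Swap 'host <name>' for 'host <ip>', as IOS does when the line is entered."""
    return re.sub(r"host (\S+)", lambda m: "host " + dns.get(m.group(1), m.group(1)), text)

def parse(text):
    """Return ({acl: (ip, port)}, [(seq, acl, next_hop)]) from the stored config."""
    acls, clauses = {}, []
    for w in map(str.split, text.splitlines()):
        if w[0] == "access-list":
            acls[w[1]] = (w[5], int(w[8]))
        elif w[0] == "route-map":
            clauses.append([int(w[3]), None, None])
        elif w[0] == "match":
            clauses[-1][1] = w[3]
        elif w[0] == "set":
            clauses[-1][2] = w[3]
    return acls, sorted(map(tuple, clauses))

def next_hop(acls, clauses, ip, port):
    """First matching clause wins; the router sees only addresses, never names."""
    hits = [(seq, hop) for seq, acl, hop in clauses if acls[acl] == (ip, port)]
    return hits[0] if hits else None

def shadowed(acls, clauses):
    """Clauses that can never match because an earlier one tests the same thing."""
    first = {}
    for seq, acl, _ in clauses:
        first.setdefault(acls[acl], seq)
    return [(seq, first[acls[acl]]) for seq, acl, _ in clauses if first[acls[acl]] != seq]
```

Running `shadowed(*parse(stored_config(CONFIG, DNS)))` lists clauses 20 and 30 as unreachable behind clause 10, which is why the 192.168.1.2 next hop is never selected.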
