10-21-2010 08:50 PM - edited 03-06-2019 01:40 PM
Hi all,
My environment does not allow PCs to access the internet on port80 which is configured on my cisco 1811. However recently an antivirus solution was roll out to the PCs which require to download updates via port80. The update source on the internet has a fqdn but no fix ip. My accesslist allow PCs to access this particular fqdn on port80 by specifying the fqdn on the acl but since it does not have fix ip, my PCs still fail to download updates. Hence i would like to use command scheduler to allow my cisco 1811 to be able to resolve the fqdn every few hrs to get a updated ip so that the ip of the update source specified in my accesslist gets updated. Pls advise how i can do this? Thks in advance.
10-21-2010 08:55 PM
Time-Based ACLs Using Time Ranges
Please don't forget to rate useful posts. Thanks.
10-24-2010 02:51 PM
Hi Leolaohoo,
This allow my accesslist to be enabled on the define period but it does not update the fqdn specified in my accesslist.
10-24-2010 04:00 PM
Hi all,
I have a existing accesslist in my cisco 1811 as below and is enabled for port address translation.
access-list 101 permit ip any 2.2.2.0 0.0.0.255
access-list 101 permit ip any 3.3.3.0 0.0.0.255
ip nat inside source list 101 interface FastEthernet0 overload
If i specify my command scheduler as below for accesslist 101 on every hr. Does it mean that i will be able to access 1.1.1.0 but not be able to access 2.2.2.0 and 3.3.3.0? Pls advise.
kron policy-list access-list
access-list 101 permit ip any 1.1.1.0 0.0.0.255
kron occurrence hourly in 0:1:0 recurring
policy-list access-list
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide