Silly question: DNS name instead of IP address in ASA ACL

DSmirnov
Level 1

Hello,

One silly question: is it possible to specify a DNS name in an ACL on ASA? E.g.

access-list ACL-TEST extended permit tcp any host www.example.com eq ssh

If it is not possible - any plans to add that feature? Can be really useful for outbound restrictions.

2 Replies

cisco24x7
Level 6

No, it is not possible with PIX or ASA.

If you want that feature, go with Checkpoint or Juniper.

cpembleton
Level 4

You can match and drop traffic using application inspection. Set up an HTTP inspection policy and use regex to match the URL and set it to drop. See link.

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/configuration/guide/inspect.html#wp1514315

An easier way would be to set up Websense or N2H2 proxies that the ASA could check against.

Hope this helps.

Chad
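A sketch of the HTTP inspection approach described in the reply above, added here as an example and not taken from either poster or from the linked guide. It assumes ASA 7.2 or later with the default `global_policy` and `inspection_default` class in place; the names BLOCKED-HOST, CM-BLOCKED-HOST and PM-HTTP-FILTER are hypothetical, and it applies only to cleartext HTTP, so it does not cover the SSH rule in the original question.

```cisco
! Added example: hostname-based drop via HTTP application inspection.
! All object names below are hypothetical placeholders.

! 1. Regex that matches the hostname to block (dots escaped).
regex BLOCKED-HOST www\.example\.com

! 2. Inspection class map: match the HTTP Host request header
!    against the regex. Matching the header rather than an IP
!    address is what makes this follow the name, not the address.
class-map type inspect http match-all CM-BLOCKED-HOST
 match request header host regex BLOCKED-HOST

! 3. Inspection policy map: drop and log matching connections.
policy-map type inspect http PM-HTTP-FILTER
 parameters
 class CM-BLOCKED-HOST
  drop-connection log

! 4. Attach the HTTP inspection policy to the default global policy.
!    Only traffic classified as HTTP is examined; HTTPS and
!    non-HTTP protocols such as SSH pass through this check untouched.
policy-map global_policy
 class inspection_default
  inspect http PM-HTTP-FILTER
```

Because the match is on a client-supplied header, this is a content filter for well-behaved HTTP clients and not a substitute for an address-based ACL on other protocols.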
