
Can ASA use DNS to map ACL name entries to IP addresses

aacole
Level 5

Can I configure an ASA to use DNS to look up the IP address of a URL/hostname contained in an ACL?

e.g.:

access-list ACL-1 extended permit tcp any host www.cisco.com

I can see that this may result in some performance issues, but is it possible?

I'm ok with the internal name table mapping names to IP, and see that the ASA can use an external DNS server to resolve a name used in a ping to a URL.

3 Replies

andrew.prince
Level 10

Andy,

As far as I am aware - you cannot do this.

Are you trying to permit or deny access to specific web sites?

HTH>

I was coming to that conclusion, and you have confirmed it, thanks.

I'm trying to allow access to these websites, the ACL is on the inside. My customer will have to provide me with a list of IP addresses so I can map these using names.

Well, not necessarily - you could block/permit via a policy map using regular expressions for the domains etc. - see the link below:

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940c5a.shtml

HTH>
