robertson.michael Sun, 08/31/2008 - 10:29
User Badges:
  • Silver, 250 points or more

Hi Celso,


If you simply want to refer to hostnames within your configuration rather than IP addresses, you can use the 'name' command. So, your configuration could look something like this (taken from the ASA command reference):


hostname(config)# names

hostname(config)# name 192.168.42.3 sa_inside

hostname(config)# name 209.165.201.3 sa_outside

hostname(config-if)# ip address inside sa_inside 255.255.255.0

hostname(config-if)# ip address outside sa_outside 255.255.255.224


Also, here is a link to that command reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1747000


Hope that helps.


-Mike



cfajardo1_2 Sun, 08/31/2008 - 22:46
User Badges:

thx but what am asking is if theres a way to add a dns ip and the asa will do a lookup there for name resolution rather than doing all this harcoded names on asa?


ariesc_33 Mon, 09/01/2008 - 19:51
User Badges:

i had to create hundreds of names and groups manually on the firewall to simplify my configuration.


this is a good question, hope someone can clarify this.

robertson.michael Tue, 09/02/2008 - 08:24
User Badges:
  • Silver, 250 points or more

Unfortunately, this is not possible. You must use either an IP address or a name (configured with the 'name' command mentioned above) in the firewall's configuration. You can also use object-groups to condense ACLs, but again this all must be manually entered at least once into the firewall's configuration.


-Mike

cfajardo1_2 Sun, 09/07/2008 - 09:09
User Badges:

so it seems it is not possible at all...thx a lot gents

Actions

This Discussion