Question on ACL config.

Unanswered Question
Oct 16th, 2008
User Badges:

Hello's

I have an ACL question. I'm trying to set up an acl that will restrict 1 computer to accessing ONLY a website such as UPS.com. On doing an nslookup or Whois for ups.com I find www.ups.com answers to these IP addresses. 153.2.224.50

153.2.228.50

However, browsing to UPS.com does not necessarily connect to these IP addresses. It seems UPS.com is using some load balancing feature where it (ups.com) could resolve to several different IP's hosted it seems by akamai.

What is the best way to establish this lock down? Machine should only get to ups.com, however, UPS.com is not easily resolvable.

thanks

Sky.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Thu, 10/16/2008 - 12:16
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

incognito_54 Thu, 10/16/2008 - 13:18
User Badges:

Thanks for your quick response. I'll check out the url.

Sky

incognito_54 Fri, 10/17/2008 - 08:47
User Badges:

Hello,

I looked at the url and had a couple of follow up questions.

I'm wondering how the ip domain lookup would work in my scenario. If the user requests www.ups.com his computer will resolve the fqdn to whatever response the dns server hands back, which could be different each time the user visits ups.com

Even if i have enabled ip domain lookup and used the FQDN in the access list how would this help my situation? If the router does a lookup for www.ups.com, the router too may get a different IP address for ups.com than the user.

Does the question make sense?

Actions

This Discussion