
Can I do this in an ASA?

John Blakley
VIP Alumni

All,

I'm converting from a Symantec Firewall (SF) to an ASA 5550. I've been looking through the ruleset on the SF, and I'm noticing that there are domain names listed as entities that reference another domain name.

This means that a firewall rule would, in ASA notation, look like:

permit ip host 5.5.5.5 host www.google.com.

name 10.10.10.10 www.google.com

I need the ASA to resolve domain names to allow for traffic to domains that could possibly change IP addresses or have multiple IP addresses assigned to a domain name.

Is this possible?

Thanks,

John

HTH, John *** Please rate all useful posts ***
3 Replies

cisco24x7
Level 6

This is one of the many advantages that Symantec and CP firewalls have over Cisco.

The other feature is the negation rule.

To my knowledge, it cannot be done with ASA.

That's what I was afraid of. I think the only thing that I could do would be to create an object group and put the IPs that are registered to that domain in there.

HTH, John *** Please rate all useful posts ***
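
One way to keep the object group suggested in the reply above in step with DNS, as an added example that is not part of the original thread: a Python helper that compares the previously configured addresses with a fresh lookup and emits only the ASA lines needed to update the group. The group name `WWW-EXAMPLE`, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def object_group_delta(group, previous, current):
    """Build ASA config lines that move `group` from `previous` to `current`.

    Addresses are parsed with ipaddress, so a malformed value raises
    ValueError instead of being written into firewall configuration.
    """
    prev = {ipaddress.IPv4Address(a) for a in previous}
    curr = {ipaddress.IPv4Address(a) for a in current}
    if not curr:
        # Empty or failed lookup: leave the group alone rather than emptying it.
        return []
    lines = []
    # Add new addresses before removing stale ones so the group is never empty.
    for ip in sorted(curr - prev):
        lines.append(f" network-object host {ip}")
    for ip in sorted(prev - curr):
        lines.append(f" no network-object host {ip}")
    if not lines:
        return []
    return [f"object-group network {group}"] + lines


if __name__ == "__main__":
    # Constructed sample data (documentation address range), no DNS needed.
    configured = ["192.0.2.10", "192.0.2.11"]
    looked_up = ["192.0.2.11", "192.0.2.12"]  # or resolve_ipv4("www.example.com")
    for line in object_group_delta("WWW-EXAMPLE", configured, looked_up):
        print(line)
```

A name served by round-robin DNS or a CDN can return different addresses to the script than to the clients behind the firewall, so the generated group is an approximation and the output should be reviewed before it is applied.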

Cisco wants you to use a (their) proxy server to control access. However, you can use regex to block sites.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Hope that helps.
