Pix 515 How to ping or allow access in ACLs using DNS name?

Unanswered Question
Jun 14th, 2009

Pix 515.

Version software: 7.0(4)

I'd like to be able to use normal host names (like google.com) with ping or ACLs.

I enabled the following:

dns domain-lookup <int>

dns name-server <ip dns 1>

dns name-server <ip dns 2>

When I do:

ping www.google.com


ERROR: % Invalid input detected at '^' marker.


What did I do wrong?

abinjola Sun, 06/14/2009 - 21:11
User Badges:
  • Cisco Employee,

You cannot currently use an FQDN/DNS name in ACLs, though a request ID has been filed for this issue:

Request ID# 31498

Req. Description # Ability to configure ACLs on ASA by using fully qualified domain names

You need to get in touch with your account manager to push it through further.

vyacheslav.k Sun, 06/14/2009 - 21:50

But can I even ping an FQDN/DNS name?

And what's the purpose of enabling DNS on the PIX then?

If you can, please, give a direct link to this request because I can't find it.

jeromecandiff Wed, 07/08/2009 - 10:32

You can ping FQDN names; however, the ACE needs to include the IP.

vpmorozov Wed, 07/08/2009 - 05:28

The first thing that occurred to me is that you are trying to ping from config mode.

Does it ping by IP?

vyacheslav.k Wed, 07/08/2009 - 07:35

No, I'm not pinging from config mode.

It pings by IP.

The PIX can reach the DNS servers by IP, and any external resources in general.

vpmorozov Wed, 07/08/2009 - 23:47

Does the PIX have a domain-name set?

Could I see the full config (without the external IP addresses)?

vyacheslav.k Thu, 07/09/2009 - 00:23

PIX Version 7.0(4)

hostname pix_name
domain-name domain.intra.ru
enable password ...

interface Ethernet0
 nameif e0
 security-level 50
 ip address ...

interface Ethernet2
 nameif e2
 security-level 100
 ip address ...

passwd ...
ftp mode passive
clock timezone Krasno 7
dns domain-lookup e0
dns name-server
dns name-server

# ping www.ya.ru

ERROR: % Invalid input detected at '^' marker.

# ping ?

Current available interface(s):
  Hostname or A.B.C.D     Ping destination IPv4 address or hostname
  Hostname or X:X:X:X::X  Ping destination IPv6 address or hostname

That is, it says you can enter either a host name or an IP.

