Pix 515 How to ping or allow access in ACLs using DNS name ?

Unanswered Question
Jun 14th, 2009

Pix 515.

Version software: 7.0(4)

I'd like to be able to use normal host names (like googe.com) with ping or ACLs.

I enabled the following:

dns domain-lookup <int>

dns name-server <ip dns 1>

dns name-server <ip dns 2>

When I do:

ping www.google.com

^

ERROR: % Invalid input detected at '^' marker.

kem-kr99-f5-p1#

What did I do wrong?

abinjola Sun, 06/14/2009 - 21:11

You cannot use an FQDN/DNS name in ACLs currently, though a request ID has been filed for this issue:

Request ID# 31498

Req. Description # Ability to configure ACLs on ASA by using fully qualified domain names

You need to get in touch with your account manager to push it through further.

vyacheslav.k Sun, 06/14/2009 - 21:50

But can I even ping an FQDN/DNS name?

And what's the purpose of enabling DNS on the PIX then?

If you can, please, give a direct link to this request because I can't find it.

vpmorozov Wed, 07/08/2009 - 05:28

The first thing that occurred to me is that you are trying to ping from config mode.

Does it ping by IP?

vyacheslav.k Wed, 07/08/2009 - 07:35

No, I am not pinging from config mode.

It pings by IP.

The PIX can reach the DNS servers by IP, and any external resources in general.

vpmorozov Wed, 07/08/2009 - 23:47

Does the PIX have a domain-name set?

Could I see the full config (without the external IP addresses)?

vyacheslav.k Thu, 07/09/2009 - 00:23

PIX Version 7.0(4)

!

hostname pix_name

domain-name domain.intra.ru

enable password ...

!

interface Ethernet0

nameif e0

security-level 50

ip address ...

!

interface Ethernet2

nameif e2

security-level 100

ip address ...

!

passwd ...

ftp mode passive

clock timezone Krasno 7

dns domain-lookup e0

dns name-server 10.2.96.195

dns name-server 10.2.96.198

...

...

...

# ping www.ya.ru

^

ERROR: % Invalid input detected at '^' marker.

# ping ?

Current available interface(s):

Hostname or A.B.C.D Ping destination IPv4 address or hostname

Hostname or X:X:X:X::X Ping destination IPv6 address or hostname

I.e., it says that you can enter a host name or an IP.
