Panos Kampanakis Thu, 02/18/2010 - 13:18
User Badges:
  • Cisco Employee,

Christian,


You cannot use urls on an ACL.

You can sue names in the config and assign them an ip address and use them in the ACL. If you want to change the ip you change it in the name not the ACL.

But you cannot use a url on the ASA ACL and have the ASA resolve it.


I hope it helps.


PK

Kureli Sankar Thu, 02/18/2010 - 15:51
User Badges:
  • Cisco Employee,

Like PK says adding a URL as destination is not possible on an ACL.

What is the requirement? To allow and not allow certainly URLs? If so you can follow this doc:

https://supportforums.cisco.com/docs/DOC-1268


or


use URL filtering either by using CSC module or webesense server.


CSC admin guide: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/csc4.html


-KS

maintenance.artesys Fri, 02/19/2010 - 05:53
User Badges:

Thank you all for your replies.

To answer Kusankar, let me tell you that I just want to allow access to www.google.fr, for example, from internal hosts. But, as you know, google has a lot of IP address(see the nslookup bellow) and I don't want to enter a name for each IP...!

Is it not simply possible to create à dynamic object?


----------------------

C:\WINDOWS>nslookup www.google.fr
Serveur :  ouessant.artesys-osiex.local
Address:  192.168.2.16


Réponse ne faisant pas autorité :
Nom :    www.l.google.com
Addresses:  209.85.227.147, 209.85.227.99, 209.85.227.103, 209.85.227.104
          209.85.227.105, 209.85.227.106
Aliases:  www.google.fr, www.google.com



Thanks

Christian

Panos Kampanakis Fri, 02/19/2010 - 06:04
User Badges:
  • Cisco Employee,

No.

You can group many names in one object, but they won't be dynamic, you will need to change ip addresses manually.


PK

Actions

This Discussion