Hi halijenn / pkampana / all
Users -> ASA -> Server (www.training.com)
I have a query for HTTP Outbound traffic .Is there is a way in ASA to allow outbound HTTP to a URL/URI instead of an IP address i.e to allow the URL / domain in the ACL.The reason being that outside server www.training,com has multiple IP Address which keeps on changing , hence the outbound ACLs object-group has to be modified accordingly to include the new IP Address every time .
I can see only 1 solution
1) Donot apply any ACL on inside interface for outbound traffic and restrict it with inspect http <L7 Policy map name> by specifying regex as www.training.com .Else i can still specify the outbound acl but on the basis of the first three octet i.e if the public ip of the server is 184.108.40.206 till 220.127.116.11 (consider that the IP addresses is always in this range) then i can specify the range 18.104.22.168/24 in the access-list destination traffic
and combine it again with inspect http <L7 Policy map name>
Please let me know if there is any other way to accomplish this.