Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA 5520: How to define an URL as destination in a rule

Hi. I would like to define a URL(www.google.fr

for example) in the destination field instead of an predefined object because the IP address for www.google.fr

may change. How should I do?

Thanks for your replies

Christian

5 REPLIES
Cisco Employee

Re: ASA 5520: How to define an URL as destination in a rule

Christian,

You cannot use urls on an ACL.

You can sue names in the config and assign them an ip address and use them in the ACL. If you want to change the ip you change it in the name not the ACL.

But you cannot use a url on the ASA ACL and have the ASA resolve it.

I hope it helps.

PK

Cisco Employee

Re: ASA 5520: How to define an URL as destination in a rule

Like PK says adding a URL as destination is not possible on an ACL.

What is the requirement? To allow and not allow certainly URLs? If so you can follow this doc:

https://supportforums.cisco.com/docs/DOC-1268

or

use URL filtering either by using CSC module or webesense server.

CSC admin guide: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/csc4.html

-KS

Re: ASA 5520: How to define an URL as destination in a rule

Thank you all for your replies.

To answer Kusankar, let me tell you that I just want to allow access to www.google.fr, for example, from internal hosts. But, as you know, google has a lot of IP address(see the nslookup bellow) and I don't want to enter a name for each IP...!

Is it not simply possible to create à dynamic object?

----------------------

C:\WINDOWS>nslookup www.google.fr
Serveur :  ouessant.artesys-osiex.local
Address:  192.168.2.16

Réponse ne faisant pas autorité :
Nom :    www.l.google.com
Addresses:  209.85.227.147, 209.85.227.99, 209.85.227.103, 209.85.227.104
          209.85.227.105, 209.85.227.106
Aliases:  www.google.fr, www.google.com

Thanks

Christian

Re: ASA 5520: How to define an URL as destination in a rule

Cisco Employee

Re: ASA 5520: How to define an URL as destination in a rule

No.

You can group many names in one object, but they won't be dynamic, you will need to change ip addresses manually.

PK

1568
Views
0
Helpful
5
Replies