Cisco Support Community

New Member

ASA and FQDN?

I've been tasked with converting a Netscreen fw to ASA 5520. All is well except for some of the fw policy where they have used fqdn for a host in the "untrust" portion of the policy. On the Netscreen, you can configure a dns server and it will go out and resolve these fqdn's. Does the ASA allow for something like this? I've looked through the cmd reference, etc. and haven't found it.

greg

5 REPLIES
New Member

Re: ASA and FQDN?

New Member

Re: ASA and FQDN?

sorry doesn't apply.

I'm asking about the ability to use a fqdn either directly in an access-list (aka policy statement) or a network-object that can be used in an access-list.

Silver

Re: ASA and FQDN?

Hi ggriebel,

If I am not mistaken, what you're trying to do here is to use what are referred to in Checkpoint or Juniper/Netscreen as "domain" objects. In other words, you specify the domain object as, for example, ".yahoo.com" and take this object and apply it to either the source or the destination. Furthermore, sometimes you want to "negate" the object as well.

Those features have been widely available with Checkpoint and Juniper firewalls. Cisco Pix/ASA does not support that function.

CCIE Security

New Member

Re: ASA and FQDN?

It can also be done on Fortigates. I didn't think it's available on the ASA, that's why I was questioning.

thanks.

New Member

ASA and FQDN?

Hi,

I want to follow up on this thread to see if Cisco has made any update on this - Access policy using FQDN instead of hard coded IP address?

I have seen a couple of options based on my research.

MPF with http class --> this is not good enough as https or non-http traffic will not be qualified.

Identity aware firewall policy using DNS --> Is this applicable to the 8.2 release?

Regards

Pratheesh
