
Can ASA use DNS to map ACL name entries to IP addresses

Can I configure an ASA to use DNS to lookup the IP address of a URL/hostname contained in an ACL?

e.g.:

access-list ACL-1 extended permit tcp any host www.cisco.com

I can see that this may result in some performance issues, but is it possible?

I'm ok with the internal name table mapping names to IP, and see that the ASA can use an external DNS server to resolve a name used in a ping to a URL.

3 REPLIES

Re: Can ASA use DNS to map ACL name entries to IP addresses

Andy,

As far as I am aware - you cannot do this.

Are you trying to permit or deny access to specific web sites?

HTH

Re: Can ASA use DNS to map ACL name entries to IP addresses

I was coming to that conclusion, and you have confirmed it, thanks.

I'm trying to allow access to these websites, the ACL is on the inside. My customer will have to provide me with a list of IP addresses so I can map these using names.

Re: Can ASA use DNS to map ACL name entries to IP addresses

Well, not necessarily - you could block/permit via a policy map using regular expressions for the domains etc. - see the link below:

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940c5a.shtml

HTH
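
An added example (not part of the original thread or of the linked Cisco document) of the regex policy-map approach suggested in the last reply, written for the stated goal of permitting only listed sites from the inside interface. All object names are hypothetical, and the pattern is constructed from the hostname used in the question.

```cisco
! Added example; every object name below is hypothetical.
! Constructed pattern for the hostname in the question. ASA regex matching
! is a substring match, so this also matches any Host value that merely
! contains ".cisco.com"; keep patterns as specific as possible.
regex ALLOWED-SITE-1 "\.cisco\.com"

! Group the permitted host patterns (add one "match regex" per site).
class-map type regex match-any ALLOWED-SITES
 match regex ALLOWED-SITE-1

! Match HTTP requests whose Host header is NOT in the permitted group.
class-map type inspect http match-all NOT-ALLOWED-HOST
 match not request header host regex class ALLOWED-SITES

! Reset and log those requests.
policy-map type inspect http HTTP-HOST-FILTER
 class NOT-ALLOWED-HOST
  reset log

! Select web traffic from inside hosts for inspection.
! Only cleartext HTTP is inspected; HTTPS sessions carry no readable
! Host header at this layer and are not filtered by this policy.
access-list INSIDE-HTTP extended permit tcp any any eq www
class-map INSIDE-HTTP-CLASS
 match access-list INSIDE-HTTP

policy-map INSIDE-POLICY
 class INSIDE-HTTP-CLASS
  inspect http HTTP-HOST-FILTER

! Apply to the inside interface, where the thread's ACL is bound.
service-policy INSIDE-POLICY interface inside
```

The interface ACL must still permit TCP/80 outbound for this to take effect, since the inspection policy only acts on connections the ACL has already allowed.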
