Cisco Support Community

Opening access via DNS name

Hi,

If one of the webserver farms wants to access an internet entity via DNS name resolution, how can it be opened up on the ASA, since the actual IPs should be specified in the access-list? And it is possible that the IP returned by DNS may be different in the future.

How can this be covered on the firewall?

1 REPLY

Re: Opening access via DNS name

Unfortunately the ASA can't do DNS lookups for the client. (I just ran into this issue.) What I did was an nslookup on the domain names that I needed, and then I created an ACL giving access to those object-groups that referenced the IP addresses.

You could use regex and apply to a class map, and then you could match on the address of the webserver farm to give them access, but that may not be good for you.

Here's a link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

You should modify it to your needs (regex isn't just for blocking).

HTH,

John
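
The nslookup-then-object-group workflow from the reply has to be repeated whenever the DNS answer changes. The following is an added example, not part of the original thread: a Python script that compares a fresh lookup with the hosts already in an object-group and emits only the ASA commands for the difference. The group name `PARTNER_API`, the host name and all addresses are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample: the object-group as it currently exists on the ASA.
SAMPLE_GROUP = """\
object-group network PARTNER_API
 network-object host 192.0.2.10
 network-object host 192.0.2.11
"""

def resolve_ipv4(name, lookup=socket.getaddrinfo):
    """Return the sorted, de-duplicated IPv4 addresses a name resolves to."""
    infos = lookup(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.IPv4Address)

def parse_group_hosts(config_text):
    """Collect 'network-object host A.B.C.D' entries from an object-group."""
    hosts = set()
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[:2] == ["network-object", "host"]:
            hosts.add(str(ipaddress.IPv4Address(parts[2])))  # rejects junk
    return hosts

def group_delta(group_name, current_hosts, resolved_hosts):
    """Build the ASA commands that bring the group in line with DNS."""
    resolved = set(resolved_hosts)
    if not resolved:
        # An empty or failed lookup must never empty the object-group.
        return []
    add = sorted(resolved - current_hosts, key=ipaddress.IPv4Address)
    remove = sorted(current_hosts - resolved, key=ipaddress.IPv4Address)
    if not add and not remove:
        return []
    cmds = [f"object-group network {group_name}"]
    cmds += [f" network-object host {ip}" for ip in add]
    # Round-robin or CDN names may return a different subset on each query,
    # so review removals before applying them.
    cmds += [f" no network-object host {ip}" for ip in remove]
    return cmds

if __name__ == "__main__":
    # Constructed lookup result standing in for a live DNS answer.
    resolved = ["192.0.2.11", "203.0.113.10"]
    current = parse_group_hosts(SAMPLE_GROUP)
    print("\n".join(group_delta("PARTNER_API", current, resolved)))
```

The ACL that references the object-group does not change; only the group membership is updated, and the output is meant to be reviewed before it is pasted into the ASA.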
