Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 515 How to ping or allow access in ACLs using DNS name ?

Pix 515.

Version software: 7.0(4)

I'd like to have a possibility to use normal host names (like googe.com) to use it with Ping or ACLs.

I enabled following:

dns domain-lookup <int>

dns name-server <ip dns 1>

dns name-server <ip dns 2>

When I do:

ping www.google.com

^

ERROR: % Invalid input detected at '^' marker.

kem-kr99-f5-p1#

What did I wrong ?

8 REPLIES
Cisco Employee

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

you cannot use FQDN/DNS name in ACLs currently, though the request ID has been filed for this issue

Request ID# 31498

Req. Description # Ability to configure ACLs on ASA by using fully qualified domain names

You need to get in touch with your acounts manager to further push it through

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

But can I even ping FQDN/DNS name?

and what's purpose of enabling DNS on pix then ?

If you can, please, give a direct link to this request because I can't find it.

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

You can ping FQDN names however the ace needs to include the IP.

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

What does "the ace" means?

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

Первое, что мне показалось - что Вы пытаетесь сделать ping из config-режима.

А по IP пингуется?

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

Нет, я пингую не из config режима.

По ip пингуется.

Pix видит по ip dns сервера, и вообще любые внешние ресурсы.

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

А PIX'а задан domain-name?

Можно полный конфиг (без внешних IP адресов) посмотреть?

New Member

Re: Pix 515 How to ping or allow access in ACLs using DNS name ?

PIX Version 7.0(4)

!

hostname pix_name

domain-name domain.intra.ru

enable password ...

!

interface Ethernet0

nameif e0

security-level 50

ip address ...

!

interface Ethernet2

nameif e2

security-level 100

ip address ...

!

passwd ...

ftp mode passive

clock timezone Krasno 7

dns domain-lookup e0

dns name-server 10.2.96.195

dns name-server 10.2.96.198

...

...

...

# ping www.ya.ru

^

ERROR: % Invalid input detected at '^' marker.

# ping ?

Current available interface(s):

Hostname or A.B.C.D Ping destination IPv4 address or hostname

Hostname or X:X:X:X::X Ping destination IPv6 address or hostname

Т.е. говорит что вводить можно имя хоста или ip.

456
Views
0
Helpful
8
Replies