Cisco Support Community

sh DNS info: no activated FQDN

Hello everybody,

I have an ASA 5520 that is running 8.4(2) VPN Plus license.

My aim is to block facebook.com for the inside network. Below is what I configured:

dns domain-lookup outside
dns server-group DefaultDNS
 name-server 4.2.2.2
 name-server 8.8.8.8
object network OBJ-FB.COM
 fqdn www.facebook.com
access-list ACL-INSIDE line 1 extended deny ip any object OBJ-FB.COM

The output I receive for Show access-list and Show dns is:

ASA(config)# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list ACL-INSIDE; 2 elements; name hash: 0xfb5f17a8
access-list ACL-INSIDE line 1 extended deny ip any object OBJ-FB.COM 0x797712ab
access-list ACL-INSIDE line 1 extended deny ip any fqdn www.facebook.com (unresolved) (inactive) 0xcb722ebf
access-list ACL-INSIDE line 2 extended permit ip any any (hitcnt=0) 0x2ed1288c

ASA(config)# sh dns
INFO: no activated FQDN

Could someone explain to me what is happening? Why is the FQDN not activated?

Thank you in advance!

Awais
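
Added example, not part of the original post: a small Python check that reads show access-list output like the one quoted above and reports FQDN entries the ASA marks (unresolved) or (inactive), together with any later permit lines in the same ACL. The function name and the result fields are assumptions made for this illustration; the sample text is the output from the post.

```python
import re

# Output copied from the post above.
SAMPLE = """\
access-list ACL-INSIDE; 2 elements; name hash: 0xfb5f17a8
access-list ACL-INSIDE line 1 extended deny ip any object OBJ-FB.COM 0x797712ab
access-list ACL-INSIDE line 1 extended deny ip any fqdn www.facebook.com (unresolved) (inactive) 0xcb722ebf
access-list ACL-INSIDE line 2 extended permit ip any any (hitcnt=0) 0x2ed1288c
"""

# One expanded ACE per line: ACL name, line number, action, remainder.
ACE = re.compile(r"^\s*access-list (?P<acl>\S+) line (?P<line>\d+) extended "
                 r"(?P<action>permit|deny) (?P<rest>.*)$")
FQDN = re.compile(r"\bfqdn (?P<name>\S+)")
FLAGS = re.compile(r"\((unresolved|inactive)\)")


def audit_fqdn_aces(text):
    """Return one finding per FQDN ACE shown as unresolved or inactive."""
    aces = []
    for raw in text.splitlines():
        m = ACE.match(raw)
        if m:
            aces.append((m["acl"], int(m["line"]), m["action"], m["rest"]))
    findings = []
    for acl, line, action, rest in aces:
        fq = FQDN.search(rest)
        flags = sorted(set(FLAGS.findall(rest)))
        if not fq or not flags:
            continue  # not an FQDN entry, or no unresolved/inactive marker
        # Later permit entries in the same ACL: what the traffic reaches
        # while this deny entry is not matching anything.
        later = [l for a, l, act, _ in aces
                 if a == acl and l > line and act == "permit"]
        findings.append({"acl": acl, "line": line, "action": action,
                         "fqdn": fq["name"], "flags": flags,
                         "later_permit_lines": later if action == "deny" else []})
    return findings


if __name__ == "__main__":
    for f in audit_fqdn_aces(SAMPLE):
        print(f"{f['acl']} line {f['line']}: {f['action']} fqdn {f['fqdn']} "
              f"is {'/'.join(f['flags'])}; "
              f"later permit lines: {f['later_permit_lines']}")
```
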
