Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ISA 550 Firewall Rule - how to specify a domain (to resolve a DDNS)

I want to lock down access to an ISA 550 Firewall to 4 locations.  2 of the locations have dynamic IP addresses.

Both sites have a dynamic domain maintained at

How can I enter '' in to a firewall rule?


Everyone's tags (1)

There is not a way to use a

There is not a way to use a domain name in a firewall rule.  When the traffic comes in the packets are addressed with IPs, not with domain names, so when the router looks things up it compares IP addresses. 

In fact I have never seen this done, even on an enterprise device.  I'm not saying nothing can do it, but it definitely isn't possible with the ISA. 

Your best bet would be to try and get some static IPs for those two sites as well.

It is however possible to setup site-to-site VPNs between these devices even if some of them are using DDNS.  This does require those other site's routers to support site-to-site tunnels.  That way those four sites would be able to access resources behind the ISA, but no one else would, and you could still keep using the DDNS for the two dynamic sites.

Thank you for choosing Cisco,

Christopher Ebert


Network Support Engineer - Cisco Small Business Support Center


*please mark/rate helpful answers*

CreatePlease to create content