Cisco ASA using FQDN for hosts

The Cisco ASA allows fully qualified domain names to be used in access control lists. As you would expect, the ASA has to use DNS to resolve those names into IP addresses, so DNS lookup must be enabled on an interface and a DNS server group configured before the FQDN object is of any use.

# domain-name lab.local
# dns domain-lookup inside
# dns server-group DNS-SVR-GROUP
#  name-server 192.168.3.1
#  domain-name lab.local
# object network www.cheese.com
#  fqdn www.cheese.com
# access-list inside_access_in deny ip any object www.cheese.com
# access-list inside_access_in permit ip any any
# access-group inside_access_in in interface inside

The indented lines sit under the dns server-group and object network commands respectively. The access-group line is what actually applies the list to traffic; it assumes the interface is named inside, matching the inside_access_in name used for the ACL.
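The practical catch with FQDN objects is that the ASA matches packets on the IP addresses it resolved, not on the hostname a client asked for. The small model below, an added example that is not Cisco code and not part of the original post, parses the ACL lines above, resolves the object against a constructed DNS table whose answers change over time, and shows that a client which resolved www.cheese.com to an address the firewall has not seen yet (or has not re-resolved yet after the TTL expired) is permitted by the permit ip any any line. All addresses, TTLs and timestamps are constructed; the names lookup, FqdnObject, parse_config, decide and walk_through are this example's own.

```python
"""Model of how an ASA FQDN network object behaves inside an ACL.

Added illustration, not Cisco's implementation: the firewall resolves the
FQDN itself, caches the A records until their TTL expires, and matches
packets by destination IP only. DNS answers, addresses and times are
constructed for the example.
"""
import re
from dataclasses import dataclass, field

# Constructed DNS zone: answers for a name change over time (round robin,
# CDN rotation). Entries are (valid_from_time, [(ip, ttl_seconds), ...]).
CONSTRUCTED_DNS = {
    "www.cheese.com": [
        (0, [("203.0.113.10", 300), ("203.0.113.11", 300)]),  # answers from t=0
        (300, [("203.0.113.12", 300)]),                        # answers from t=300
    ],
}


def lookup(name, now):
    """A records the constructed DNS server returns for `name` at time `now`."""
    answers = []
    for valid_from, records in CONSTRUCTED_DNS.get(name, []):
        if now >= valid_from:
            answers = records
    return answers


@dataclass
class FqdnObject:
    name: str
    fqdn: str
    cache: dict = field(default_factory=dict)  # resolved ip -> expiry time

    def refresh(self, now):
        """Re-resolve when nothing is cached or a cached record has expired."""
        if not self.cache or any(exp <= now for exp in self.cache.values()):
            self.cache = {ip: now + ttl for ip, ttl in lookup(self.fqdn, now)}

    def matches(self, ip, now):
        return any(ip == cached and exp > now for cached, exp in self.cache.items())


@dataclass
class Ace:
    action: str
    dst: object  # FqdnObject or the literal string "any"


# Minimal ACE grammar: access-list NAME [extended] ACTION PROTO SRC DST,
# where SRC and DST are "any" or "object NAME".
ACE_RE = re.compile(
    r"access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(\S+)\s+"
    r"(any|object \S+)\s+(any|object \S+)"
)


def parse_config(text):
    """Parse the object network / fqdn / access-list lines into objects and ACLs."""
    objects, acls, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate the "# " prompt prefix
        if not line or line.startswith("!"):
            continue
        if line.startswith("object network "):
            current = FqdnObject(name=line.split()[2], fqdn="")
            objects[current.name] = current
        elif line.startswith("fqdn ") and current is not None:
            current.fqdn = line.split()[1]
        else:
            m = ACE_RE.match(line)
            if m:
                acl_name, action, _proto, _src, dst = m.groups()
                dst_ref = "any" if dst == "any" else objects[dst.split()[1]]
                acls.setdefault(acl_name, []).append(Ace(action, dst_ref))
    return objects, acls


def decide(acl, objects, dst_ip, now):
    """First matching ACE wins; an ASA ACL ends with an implicit deny."""
    for obj in objects.values():
        obj.refresh(now)
    for ace in acl:
        if ace.dst == "any" or ace.dst.matches(dst_ip, now):
            return ace.action
    return "deny"


SAMPLE_CONFIG = """
# object network www.cheese.com
#  fqdn www.cheese.com
# access-list inside_access_in deny ip any object www.cheese.com
# access-list inside_access_in permit ip any any
"""


def walk_through():
    """Decisions over time for the sample ACL against the constructed DNS zone."""
    objects, acls = parse_config(SAMPLE_CONFIG)
    acl = acls["inside_access_in"]
    return {
        # t=0: ASA resolved .10/.11, so traffic to .10 hits the deny
        "t0_to_.10": decide(acl, objects, "203.0.113.10", 0),
        # t=0: a client that obtained .12 elsewhere slips past to permit ip any any
        "t0_to_.12": decide(acl, objects, "203.0.113.12", 0),
        # t=350: TTL expired, ASA re-resolved to .12, so .12 is now denied ...
        "t350_to_.12": decide(acl, objects, "203.0.113.12", 350),
        # ... and .10 has dropped out of the object, so it is permitted again
        "t350_to_.10": decide(acl, objects, "203.0.113.10", 350),
    }


if __name__ == "__main__":
    for case, verdict in walk_through().items():
        print(f"{case}: {verdict}")
```

The lesson for a deny rule built on an FQDN object is that it only covers the addresses the firewall currently holds for the name; a client with a different resolver, a different round-robin answer, or a direct connection by IP is judged by whatever ACE follows, which here is permit ip any any. The gap shrinks if the firewall and the clients use the same resolver and the object is refreshed promptly, but it does not disappear.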

It does not seem that Cisco have introduced wildcards yet. However, I wait in anticipation to apply an ACL that will resolve *.cheese.com successfully.

Go on Cisco, you know you have the means
