Cisco ASA using FQDN for hosts

The Cisco ASA allows fully qualified domain names (FQDNs) to be used in access control lists. As you might expect, the ASA has to use DNS to resolve those names into IP addresses.

# domain-name lab.local
# dns domain-lookup inside
# dns server-group DNS-SVR-GROUP
# name-server
# domain-name lab.local
# object network
# fqdn
# access-list inside_access_in deny ip any object
# access-list inside_access_in permit ip any any

It does not seem that Cisco have introduced wildcards yet. However, I wait in anticipation to apply an ACL that will resolve * successfully.

Go on, Cisco, you know you have the means.
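The sketch below is an added example, not code from the original post or from Cisco. It is a simplified Python model of an FQDN-based access list being enforced on the addresses a name resolves to, with exact-name matching only. The host names, the addresses (documentation range) and the helper names are all constructed for illustration.

```python
import ipaddress

# Constructed DNS answers (documentation address space); not real records.
DNS_ANSWERS = {
    "www.blocked.example": ["203.0.113.10", "203.0.113.11"],
    "cdn.blocked.example": ["203.0.113.50"],
    "other-tenant.example": ["203.0.113.10"],  # shares an IP with the blocked host
}

def resolve(fqdn, dns=DNS_ANSWERS):
    """Exact-name lookup only: no wildcard or suffix matching."""
    return [ipaddress.ip_address(a) for a in dns.get(fqdn.lower().rstrip("."), [])]

def expand_acl(acl, dns=DNS_ANSWERS):
    """Turn (action, fqdn-or-'any') entries into (action, ip-set-or-None) entries."""
    expanded = []
    for action, dst in acl:
        expanded.append((action, None if dst == "any" else set(resolve(dst, dns))))
    return expanded

def evaluate(expanded, dst_ip):
    """First match wins; implicit deny at the end, as on an ASA access list."""
    ip = ipaddress.ip_address(dst_ip)
    for action, ips in expanded:
        if ips is None or ip in ips:
            return action
    return "deny"

def decision_for(name, acl, dns=DNS_ANSWERS):
    """What happens to a client that looks up `name` and connects to each answer."""
    expanded = expand_acl(acl, dns)
    return {str(ip): evaluate(expanded, ip) for ip in resolve(name, dns)}

# Same shape as the access list above: deny one FQDN object, then permit ip any any.
ACL = [("deny", "www.blocked.example"), ("permit", "any")]

if __name__ == "__main__":
    for host in DNS_ANSWERS:
        print(host, decision_for(host, ACL))
```

Two things a rule author should check fall out of the model: a sibling name that resolves elsewhere is not covered by the deny entry, and an unrelated name that shares an address with the denied host is blocked along with it.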

