Solved

Adding Domain Name and Sub Domain to Rule Exceptions on Cisco ASA 5585

Posted on 2013-10-25
1
2,079 Views
Last Modified: 2013-12-09
Having the DNS enabled on the Cisco ASA 5585 Firewall and attempting to add entire domain to exclusions.  The provided exclusions for the domain comes back as *.domain.com.

Cisco is requiring a FQDN to be added.  The vendor is/will not provide the actual IP address ranges.

How can I put the domain plus subdomains into exclusions rules for the ASA?
0
Comment
Question by:PSERS
1 Comment
 
LVL 7

Accepted Solution

by:
HalldorG earned 500 total points
ID: 39602510
You may use an alternative method specially if this is url filtering you want to solve.

Look at
https://supportforums.cisco.com/docs/DOC-1268

It is using regular expressions to match names in the http protocol.

Notice that names are not included in tcp header therfore you can not use wildcard in acl rules as there are countless possibilities of names that could be looked up. That might fit the ip address.  Also blocking based on dns names is not a good idea as the server may be serving other websites you want to access, which have the same ip address.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Telepresence on backup 3 28
Port forwarding in Cisco RV215w 2 60
Tools to detect weak WiFi routers prior connecting to it 14 138
DHCP Server 14 100
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question