Solved

Adding Domain Name and Sub Domain to Rule Exceptions on Cisco ASA 5585

Posted on 2013-10-25
1
2,147 Views
Last Modified: 2013-12-09
Having the DNS enabled on the Cisco ASA 5585 Firewall and attempting to add entire domain to exclusions.  The provided exclusions for the domain comes back as *.domain.com.

Cisco is requiring a FQDN to be added.  The vendor is/will not provide the actual IP address ranges.

How can I put the domain plus subdomains into exclusions rules for the ASA?
0
Comment
Question by:PSERS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 7

Accepted Solution

by:
HalldorG earned 500 total points
ID: 39602510
You may use an alternative method specially if this is url filtering you want to solve.

Look at
https://supportforums.cisco.com/docs/DOC-1268

It is using regular expressions to match names in the http protocol.

Notice that names are not included in tcp header therfore you can not use wildcard in acl rules as there are countless possibilities of names that could be looked up. That might fit the ip address.  Also blocking based on dns names is not a good idea as the server may be serving other websites you want to access, which have the same ip address.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question