To quickly see the IP`s that have been resolved and that have been added to the ACL, the command ‘show access-list ’ is used. When troubleshooting there are 2 key commands, ‘show access-list …’ and ‘show dns’. object network Īccess-list acl-inside extended deny ip any object Īccess-list acl-inside extended permit ip any any log Show This group is then specified within an ACL (as shown below). Next we define our FQDN via a network object group.
dns domain-lookup outsideĭomain-name Configure Access Policy To configure DNS the egress interface, the DNS servers IP (here it is 8.8.8.8) and default domain name is defined. The first is to configure DNS, the access policy is then created. There are 2 steps in configuring FQDN lookups. Within this article will look at the configuration, caveats and some of the key commands required for troubleshooting. Traffic is then either denied or permitted accordingly.
This feature works by the ASA resolving the IP of the FQDN via DNS which it then stores within its cache.
Introduced within Cisco ASA version 8.4(2), Cisco added the ability to allow traffic based on the FQDN (i.e domain name).
0 kommentar(er)
