[c-nsp] Filtering traffic to destinations based off of DNS addresses on an ASA?

Matthew Park Matthew.Park at exelisvis.com
Thu Feb 9 11:29:29 EST 2012


Hello all,
Does anyone know of a good way to make a filter (access-list or
whatever) on a Cisco ASA 5510 using a DNS address as the destination
rather than a set of IP addresses?

For example, block any internal hosts from browsing to www.microsoft.com
even though they have several webservers mapped to that DNS address,
essentially "blacklisting" www.microsoft.com from the company.

I found Cisco's "Botnet Filter" that looks like it might work, but
before I buy a license for it, I was curious as to anyone else's
experiences with this filter or another method for accomplishing this?

Matthew Park
Senior Systems Administrator
Exelis Visual Information Solutions
Matthew.Park at exelisvis.com






More information about the cisco-nsp mailing list