[c-nsp] FQDN ACL's on ASA

Scott Voll svoll.voip at gmail.com
Tue Apr 2 11:58:24 EDT 2013


I went down that road too.  the "policy-map type inspect http" does NOT
have a permit or allow.  thus it won't work in this setup.

other options?

Scott


On Tue, Apr 2, 2013 at 8:47 AM, Vijay Ramcharan <vrlists at gmail.com> wrote:

> You can try with regex and MPF.
> See https://supportforums.cisco.com/docs/DOC-1268
>
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example091
> 86a0080940e04.shtml
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Voll
> Sent: Thursday, March 28, 2013 6:10 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] FQDN ACL's on ASA
>
> I know I can setup FQDN acls on my ASA, but is there a way to do wildcard
> Domain names?
>
> Example being *.microsoftonline.com
>
> We are looking to use office 365 and microsoft lists some FQDN and then
> they
> add a bunch of wildcard ones like above.
>
> If you can give me a link or example that would be great!
>
> TIA
>
> Scott
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>


More information about the cisco-nsp mailing list