Allowing Specific DNS Servers on ASA Firewall

This post shows how to allow specific DNS servers through a Cisco ASA firewall. In this example, I allow Google DNS through the firewall.

DNS Rules

object-group service DNS-PORTS
 service-object udp destination eq domain 

object-group network GOOGLE-DNS
 network-object host 8.8.8.8
 network-object host 8.8.4.4

access-list ACL_in extended permit object-group DNS-PORTS NETWORK 255.255.255.0 object-group GOOGLE-DNS
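
To check that a saved configuration still limits DNS to the approved resolvers, the following added example (not part of the original post) expands the object-groups shown above and flags any permit ACE that lets DNS reach other destinations. The function names are hypothetical, 192.168.1.0 stands in for NETWORK, the second permit line is constructed to produce a finding, and the parser assumes extended ACEs without source-port operators.

```python
import re

# Constructed sample: the post's rules plus one hypothetical permit to any DNS server.
SAMPLE_CONFIG = """\
object-group service DNS-PORTS
 service-object udp destination eq domain
object-group network GOOGLE-DNS
 network-object host 8.8.8.8
 network-object host 8.8.4.4
access-list ACL_in extended permit object-group DNS-PORTS 192.168.1.0 255.255.255.0 object-group GOOGLE-DNS
access-list ACL_in extended permit udp 192.168.1.0 255.255.255.0 any eq domain
"""
APPROVED = {"8.8.8.8", "8.8.4.4"}
DNS_PORT = re.compile(r"\beq (domain|53)\b")

def parse_groups(config):
    """Map each object-group name to its list of member lines."""
    blocks = re.findall(r"^object-group (?:service|network) (\S+).*\n((?: .*\n?)*)", config, re.M)
    return {name: [m.strip() for m in body.splitlines()] for name, body in blocks}

def take_addr(tokens):
    """Pop one address spec: 'any', 'host X', 'object-group X' or 'net mask'."""
    head = tokens.pop(0)
    return head if head.startswith("any") else f"{head} {tokens.pop(0)}"

def dest_hosts(spec, groups):
    """Expand a destination to a set of host IPs; None if broader than hosts."""
    kind, _, name = spec.partition(" ")
    if kind == "host":
        return {name}
    members = groups.get(name, []) if kind == "object-group" else []
    hosts = {m.split()[2] for m in members if m.startswith("network-object host ")}
    return hosts if members and len(hosts) == len(members) else None

def audit_dns(config, approved=APPROVED):
    """Return permit ACEs that allow DNS to anything outside `approved`."""
    groups, findings = parse_groups(config), []
    for line in config.splitlines():
        t = line.split()
        if t[:1] != ["access-list"] or t[2:4] != ["extended", "permit"]:
            continue
        svc = groups.get(t[5], []) if t[4] == "object-group" else []
        if not (DNS_PORT.search(line) or any(DNS_PORT.search(s) for s in svc)):
            continue
        rest = t[6:] if t[4] == "object-group" else t[5:]
        take_addr(rest)                      # skip the source address
        hosts = dest_hosts(take_addr(rest), groups)
        if hosts is None or not hosts <= approved:
            findings.append(line)
    return findings
```

Calling `audit_dns(SAMPLE_CONFIG)` returns only the constructed `any eq domain` line; the rule from the post passes because every member of GOOGLE-DNS is an approved host.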