Saturday, April 22, 2017

Using a Dynamic DNS hostname in an Access List on IOS

class-map type inspect match-any Internet_To_Trusted
 match access-group name Allowed-Traffic
 match access-group name IPv6-Allowed-Traffic
 match access-group name uk-nas
!
ip access-list extended uk-nas
 permit tcp host xxx.xxx.xxx.xxx any
!
kron occurrence day8am at 8:00 recurring
 policy-list policy-day8am
!
kron policy-list policy-day8am
 cli tclsh gethostip
!

#gethostip TCL Script on flash

tclsh
# Clear cached DNS Entry
exec clear host xxxxx.synology.me
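# Remove the ACL (the "extended" keyword is required to delete a named extended ACL)
ios_config "no ip access-list extended uk-nas"
# Re-add the ACL. IOS resolves the hostname when the entry is entered and stores the resulting IP address.
ios_config "ip access-list extended uk-nas" "permit tcp host xxxxx.synology.me any"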
