Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
1
Replies

PIX Firewall Packet Inspection RADIUS/DNS Problem

pncisco216
Level 1
Level 1

‎04-26-2007 08:22 AM - edited ‎03-11-2019 03:04 AM

Hello,

I am running a PIX 525 firewall, with PIX software version 7.2.1. I am using the default global service-policy, and RADIUS packets are being dropped with a log message stating that the label length is exceeding 63 bytes. The log message (clip below) states that it is a DNS packet, but I know it is for RADIUS by the IP address of our RADIUS servers and the port number. How, can I change the packet inspection to stop dropping these packets? Are the RADIUS packets being misidentified as DNS packets?

Apr 25 17:04:22 cr1 Apr 25 2007 17:04:22: %PIX-4-410001: Dropped UDP DNS request from inside:X.X.X.X/1812 to outside:X.X.X.X/49196; label length 79 bytes exceeds protocol limit of 63 bytes

Labels:
0 Helpful
1 Reply 1

sbilgi
Level 5
Level 5

‎05-02-2007 11:03 AM

Match the RADIUS packets with ACLS and apply it in Modular Policy map configuration to customise in order to allow and inspect the RADIUS packets.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card