I have set up downloadable ACLs between an IAS RADIUS server and a PIX 515E running 6.3(3) code.
The downloading of ACLs works fine and I can see all the access-list entries downloading to the PIX.
But for some reason the PIX never matches entries for UDP traffic, e.g.:
ip:inacl#200=permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53
Even though the entry is in the AAA-USER-username ACL, DNS traffic will never be permitted. I have double-checked in Ethereal that the queries are UDP and are going to the configured DNS server.
Anyone able to fill me in on what is going on here?