PIX DACL won't match UDP

fletchjoyce
Level 1

I have set up downloadable ACLs between an IAS RADIUS server and a PIX 515E running 6.3(3) code.

The downloading of ACLs works fine and I can see all the access-list entries downloading to the PIX.

But for some reason the PIX never matches entries for UDP traffic, e.g.:

ip:inacl#200=permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53

Even though the entry is in the AAA-USER-username ACL, DNS traffic will never be permitted. I have double-checked in Ethereal that the queries are UDP and are going to the configured DNS server.

Anyone able to fill me in on what is going on here?

Thanks

Fletcher

2 Replies

ivillegas
Level 6

Try configuring the reverse statement, permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53, to allow the DNS traffic back to the PC.

No such luck, sorry.

Any other ideas?
