01-16-2008 08:26 PM - edited 03-11-2019 04:49 AM
I have set up downloadable ACLs between an IAS RADIUS server and a PIX 515e running 6.3(3) code.
The downloading of ACLs works fine and I can see all the access-list entries downloading to the PIX.
But for some reason the PIX never matches entries for UDP traffic, e.g.:
ip:inacl#200=permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53
Even though the entry is in the AAA-USER-username ACL, DNS traffic will never be permitted. I have double-checked in Ethereal that the queries are UDP and are going to the configured DNS server.
Anyone able to fill me in on what is going on here?
Thanks
Fletcher
01-22-2008 11:43 AM
Try configuring the reverse statement, permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53, to allow the DNS traffic back to the PC.
02-04-2008 03:50 PM
No such luck, sorry.
Any other ideas?