Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
568
Views
0
Helpful
2
Replies

FWSM blocks DNS, not WWW, should allow both

Samuel8rown
Level 1
Level 1

‎05-14-2008 05:08 PM - edited ‎03-11-2019 05:45 AM

I'm running into an issue where my 6509 with FWSM installed is lets www requests through, but blocks DNS, despite being told to permit both.

Most perversely, it's blocking DNS on my internal networks. I've got the FWSM set up in single context mode, with a 1-port-to-1-vlan relationship for each of the different firewalls, and even the "internal" networks are blocked from each other. So long as either or both the nameserver netblock and the client netblock must transit the FWSM, all DNS traffic fails. (Things work fine whrn the Nameservers are taken off the FWSM and so is the client network. But then what's the point of having an FWSM if you circumvent it for everything?) Meanwhile, web access works fine in all permutations of different networks being on or off the FWSM.

Labels:
0 Helpful
2 Replies 2

Syed Iftekhar Ahmed
Level 8
Level 8

‎05-16-2008 10:51 PM

disable "dns inspection" on FWSM and check if it works.

Syed

0 Helpful

bitonw
Level 1
Level 1

‎05-19-2008 05:59 AM

you might have something like this:

"fixup protocol dns maximum-length 512"

in your config of the FWSM?

for test try this:

no fixup protocol dns

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card