DNS issues on Pix 7.0(2)

Unanswered Question
Apr 28th, 2006
Hi Guys,


I recently upgraded my site, which had a single Pix515e running ver 6.3(3), with two redundant 515e pixes running 7.0(2). Besides configuring failover configuration differently, I copied my original configs and pasted them on ver 7.0(2). Everything worked besides my DNS. I have a couple of Linux servers inside my local (private) segment. Could someone check the two configs and determine why it does not work?


Regards

Abdi



Fernando_Meza Sat, 04/29/2006 - 02:28

Try changing the packet size of your dns inspection. This is the size on your PIX but the ASA defaults to 512 and will drop bigger packets.



policy-map global_policy
 class inspection_default
  inspect dns maximum-length 1024


Hope it helps ... rate it if it does !!!
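An added example, not part of the original thread: it builds DNS responses of known size and checks them against the `inspect dns maximum-length` value in a config fragment, showing which replies a 512-byte limit would reject and which pass at 1024. The config fragments, the `example.com` name and the TXT records are constructed, and comparing the limit against the DNS message length is an assumption.

```python
import re
import struct
from typing import Dict, List, Optional

# Constructed config fragments (not the poster's configuration).
CONFIG_512 = """policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
"""
CONFIG_1024 = CONFIG_512.replace("512", "1024")

def dns_inspect_limit(config: str) -> Optional[int]:
    """Return the explicit 'inspect dns maximum-length' value, or None."""
    m = re.search(r"^\s*inspect dns maximum-length (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None

def encode_name(name: str) -> bytes:
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_txt_response(qname: str, record_count: int, txt_len: int = 100) -> bytes:
    """Build a DNS response carrying record_count TXT answers (constructed data)."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, record_count, 0, 0)
    question = encode_name(qname) + struct.pack("!2H", 16, 1)  # TXT, IN
    rdata = bytes([txt_len]) + b"x" * txt_len
    # Each answer: compression pointer to the question name, then fixed fields.
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + answer * record_count

def oversized(config: str, messages: Dict[str, bytes]) -> List[str]:
    """Names of messages longer than the configured limit (empty if none set).

    Assumption: the limit is compared against the DNS message length."""
    limit = dns_inspect_limit(config)
    if limit is None:
        return []
    return [name for name, msg in messages.items() if len(msg) > limit]

# Constructed responses with 1, 4, 5 and 9 TXT answers of 100 bytes each.
SAMPLES = {f"{n}-txt": build_txt_response("example.com", n) for n in (1, 4, 5, 9)}

if __name__ == "__main__":
    print({name: len(msg) for name, msg in SAMPLES.items()})
    for label, cfg in (("512", CONFIG_512), ("1024", CONFIG_1024)):
        print("limit", label, "over limit:", oversized(cfg, SAMPLES))
```

Replies that carry many records (zone servers answering for several hosts, large TXT records) are the ones that cross the 512-byte mark, which is why some lookups can work while others fail.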


Fernando_Meza Sat, 04/29/2006 - 02:37

Also make sure the below entries are correct on your access-list 100 ... Your PIX shows a different IP address:


access-list 100 extended permit tcp any host 63.x.x.98 range 51 domain
access-list 100 extended permit tcp any host 63.x.x.99 range 51 domain
access-list 100 extended permit udp any host 63.x.x.98 range 51 domain
access-list 100 extended permit udp any host 63.x.x.99 range 51 domain

