04-28-2006 08:56 PM - edited 02-21-2020 12:51 AM
Hi Guys,
I recently upgraded my site, which has a single Pix515e running ver 6.3(3), with two redundant Pix 515e units running 7.0(2). Besides configuring failover differently, I copied my original configs and pasted them on ver 7.0(2). Everything worked besides my DNS. I have a couple of Linux servers inside my local (private) segment. Could someone check the two configs and determine why it does not work?
Regards
Abdi
04-29-2006 02:28 AM
Try changing the packet size of your dns inspection. This is the size on your PIX but the ASA defaults to 512 and will drop bigger packets.
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 1024
Hope it helps ... rate it if it does !!!
04-29-2006 02:37 AM
Also make sure the below entries are correct on your access-list 100 ... Your PIX shows a different IP address:
access-list 100 extended permit tcp any host 63.x.x.98 range 51 domain
access-list 100 extended permit tcp any host 63.x.x.99 range 51 domain
access-list 100 extended permit udp any host 63.x.x.98 range 51 domain
access-list 100 extended permit udp any host 63.x.x.99 range 51 domain
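The length check described in the first reply, as an added example that is not part of the original thread: it reads the `inspect dns maximum-length` value out of a pasted configuration and lists which DNS message sizes exceed it. The function names, the configuration fragments and the message sizes are constructed for illustration, and the 512-byte value used when no `maximum-length` is given is an assumption taken from that reply.

```python
import re

ASSUMED_DEFAULT = 512  # limit when no maximum-length is given (assumption, per the reply)

def dns_inspect_limit(config, policy="global_policy", cls="inspection_default"):
    """Return the DNS inspection maximum-length (bytes) configured under the
    given policy-map and class, or None if DNS inspection is not enabled there."""
    in_policy = in_class = False
    for raw in config.splitlines():
        parts = raw.split()
        if not parts or parts[0] == "!":
            continue
        if parts[0] == "policy-map":
            in_policy, in_class = parts[1:2] == [policy], False
        elif parts[0] == "class" and in_policy:
            in_class = parts[1:2] == [cls]
        elif parts[0] == "inspect":
            m = re.fullmatch(r"inspect dns(?: maximum-length (\d+))?", " ".join(parts))
            if m and in_policy and in_class:
                return int(m.group(1)) if m.group(1) else ASSUMED_DEFAULT
        elif not raw[0].isspace():
            in_policy = in_class = False  # unrelated top-level command ends the policy-map
    return None

def dropped(responses, limit):
    """Names of DNS messages whose length exceeds the inspection limit."""
    return [name for name, size in responses if size > limit]

# Constructed configuration fragments (not the poster's actual configs).
BEFORE = """policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
service-policy global_policy global
"""
AFTER = BEFORE.replace("maximum-length 512", "maximum-length 1024")

# Constructed DNS message lengths in bytes, as they might be read from a capture.
RESPONSES = [("short A answer", 92), ("large record set", 760),
             ("very large record set", 1340)]

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        limit = dns_inspect_limit(cfg)
        print(f"{label}: limit={limit} dropped={dropped(RESPONSES, limit)}")
```

With these constructed sizes the 1340-byte message still exceeds the 1024-byte limit, so the value should be chosen from the largest DNS message actually seen for the servers behind the firewall.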