Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
2
Replies

DNS issues on Pix 7.0(2)

abdi.aye
Level 1
Level 1

‎04-28-2006 08:56 PM - edited ‎02-21-2020 12:51 AM

Hi Guys,

I recently upgrade my site which has a single Pix515e and running ver 6.3(3) with two redundant pixes 515e running 7.0(2). Besides configuring failover configuration differently, I copied my original configs and pasted on ver 7.0(2). Everythings worked beside my DNS. I have a couple of Linix server inside my local(Privte) segment. Could some check the two config and determine why it does not work.

Regards

Abdi

0 Helpful
2 Replies 2

Fernando_Meza
Level 7
Level 7

‎04-29-2006 02:28 AM

Try changing the packet size of your dns inspection. This is the size on your PIX but the ASA defaults to 512 and will drop bigger packets.

policy-map global_policy

class inspection_default

inspect dns maximum-length 1024

Hope it helps ... rate it if it does !!!

0 Helpful

Fernando_Meza
Level 7
Level 7
In response to Fernando_Meza

‎04-29-2006 02:37 AM

Also make sure the below entries are correct on your access-list 100 ... Your PIX shows a different IP address:

access-list 100 extended permit tcp any host 63.x.x.98 range 51 domain

access-list 100 extended permit tcp any host 63.x.x.99 range 51 domain

access-list 100 extended permit udp any host 63.x.x.98 range 51 domain

access-list 100 extended permit udp any host 63.x.x.99 range 51 domain

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card