Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1316
Views
0
Helpful
0
Comments

DNS reply is blocked by the outbound Access Control List (ACL) with clients outside

TCC_2
Level 10
Level 10

‎06-17-2009 10:16 PM - edited ‎03-08-2019 06:02 PM

Core issue

The issue is documented in Cisco bug ID CSCsd35775.

The problem occurs after an upgrade from PIX Firewall software 6.3.4 to 6.3.5(105). The DNS replies are blocked by the outbound ACL for Domain Name System (DNS) queries initiated from outside to inside. The ACL does not have explicit access control entries to allow DNS replies from theDNS server back to the client.

Resolution

For a workaround, explicitly permit the traffic from source UDP port 53 and the address of the inside DNS server in the ACL.

As an alternative, upgrade the PIX code to version 6.3(5.109) or the latest version. Refer to Software Download: Cisco PIX Security Appliance Software.

Product Family

Firewall - PIX 500 series

PIX Software Version

PIX version 6.x

Can You Ping...

Client can ping by IP, but not by name

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents