Couple of questions, may be related (DNS and LDAP) source and destination
I recently replaced our CheckPoint NGX R62 firewall with a Cisco ASA 5520. Everything is working, for the most part.
The first question I have is:
We have two DMZs; in one of the DMZs there are a couple of servers that need access to internal LDAP, so I give these servers access to the internal LDAP server on TCP/389 (ldap) and figure I should be good to go... Unfortunately, in the syslog it shows the requests being blocked by the ACL. The reason is because the LDAP requests are sourcing from different ports than TCP/389, but the destination is TCP/389. How do I get the ACL to work by allowing requests on destination port TCP/389?
Second question: (may be related)
The first rule on each of my DMZ interfaces is anything to "internal DNS" servers on TCP/UDP 53, allow. First I must say that DNS lookups are working from the DMZs to internal, but in ASDM, it shows the number of hits as ZERO. Likewise, I have a rule on the internal interface that allows "internal DNS" access to any on TCP/UDP 53, and it shows hits as ZERO in ASDM as well, even though lookups work to external DNS servers, as expected from them. Any ideas?
I can post config if need be. Thanks for help in advance.
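An added illustration, not part of the original thread and not the poster's configuration: on the ASA, a port operator placed after the source address matches the source port, while one placed after the destination address matches the destination port. The interface name `dmz1`, the ACL name `dmz1_access_in` and both addresses are hypothetical, and that the blocked rule had its port in the source position is an assumption.

```text
! Hypothetical names and addresses:
!   192.168.10.21 = DMZ server, 10.1.1.10 = internal LDAP server
!
! BEFORE: port operator follows the SOURCE address.
! This matches only packets whose source port is TCP/389. LDAP clients
! connect from an ephemeral source port, so the entry never matches and
! the connection falls through to the implicit deny at the end of the ACL.
access-list dmz1_access_in extended permit tcp host 192.168.10.21 eq ldap host 10.1.1.10
!
! AFTER: port operator follows the DESTINATION address.
! Any source port is accepted; only destination TCP/389 on the LDAP
! server is permitted, which keeps the rule as narrow as intended.
access-list dmz1_access_in extended permit tcp host 192.168.10.21 host 10.1.1.10 eq ldap
!
! Bind the ACL to inbound traffic on the DMZ interface.
access-group dmz1_access_in in interface dmz1
!
! To confirm which entry is matching, list the ACL with per-entry counters:
!   show access-list dmz1_access_in
```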
Re: Couple of questions, may be related (DNS and LDAP) source an
Thanks, but I already have the ACLs set up like I want them. The only issue I'm having now is that DNS requests from internal to internet or from our DMZs to internal are not registering hits. DNS requests work, they just aren't showing a hit count.