I have a situation where IT support are saying that a couple of customer computers are experiencing problems with connections. There have been situations in the past where it's been related to DNS (DNS traffic was dropped due to the size, which we had to increase in the "inspect" rules).
Now I am regularly seeing a lot of log messages of DNS traffic being dropped and I can't figure out what the actual problem is.
Basically the customer has an L2 connection directly to the FWSM context. They naturally have a link to the Internet and also a DMZ with a DNS server and some other services running.
Now what I see is error messages about DNS replies from the DMZ server to the LAN hosts.
The actual log message might be something like this:
Feb 13 2012 14:03:38 CONTEXT-NAME : %FWSM-2-106007: Deny inbound UDP from 172.16.100.10/53 to 10.10.24.26/52678 due to DNS Response
The inside hosts are mostly configured with DHCP straight from the FWSM context. They only have one assigned DNS server, which is the DMZ server above (172.16.100.10).
Now if I am reading the description for this syslog message correctly, this error message should usually imply that there is more than 1 DNS server being used by some host/server?
Still, I am watching the syslog messages in real time and I can only see the LAN hosts' DNS traffic to the server and the DNS server's traffic to the ISP's DNS servers. I can't see the LAN hosts sending any DNS queries to a public DNS server.
Any idea what could be causing this? I found one post on these very forums about a similar issue (at least the same error message) but I don't think the situation was exactly the same.
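As an added illustration (not code from the thread), a small Python triage script for the %FWSM-2-106007 line format quoted above: it splits the dropped replies per inside host into those from a resolver the host was never given and those from the configured DMZ resolver, the latter being replies the FWSM refused because the DNS inspection engine had already closed the UDP session after forwarding the first reply to that query. The sample log lines and the 203.0.113.53 resolver are constructed.

```python
import re

# Matches the %FWSM-2-106007 message in the form quoted in the post.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ : %FWSM-2-106007: "
    r"Deny inbound UDP from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) due to DNS (?P<kind>Response|Query)$"
)

# Constructed sample log modelled on the single line quoted in the post;
# 203.0.113.53 is a made-up second resolver, not an address from the thread.
SAMPLE_LOG = """\
Feb 13 2012 14:03:38 CONTEXT-NAME : %FWSM-2-106007: Deny inbound UDP from 172.16.100.10/53 to 10.10.24.26/52678 due to DNS Response
Feb 13 2012 14:03:38 CONTEXT-NAME : %FWSM-2-106007: Deny inbound UDP from 172.16.100.10/53 to 10.10.24.26/52678 due to DNS Response
Feb 13 2012 14:03:41 CONTEXT-NAME : %FWSM-2-106007: Deny inbound UDP from 203.0.113.53/53 to 10.10.24.31/61002 due to DNS Response
Feb 13 2012 14:03:45 CONTEXT-NAME : %FWSM-6-302016: (constructed unrelated message, ignored by the parser)
"""

def parse_denies(text):
    """Return one dict per 106007 line; any other syslog line is skipped."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def triage(events, expected_resolvers):
    """Per inside host (the 'to' address): replies from a resolver it should
    not be using ('unexpected', supports the 'more than one DNS server'
    reading) versus replies from the configured resolver ('expected').
    The latter were refused because the inspection engine closes the UDP
    session once the first reply is forwarded, so they are late or
    duplicate replies to a query that was already answered."""
    unexpected, expected = {}, {}
    for e in events:
        if e["kind"] != "Response":
            continue
        if e["src"] in expected_resolvers:
            expected[e["dst"]] = expected.get(e["dst"], 0) + 1
        else:
            unexpected.setdefault(e["dst"], set()).add(e["src"])
    return {"unexpected": {h: sorted(s) for h, s in unexpected.items()},
            "expected": expected}

if __name__ == "__main__":
    # The post says the inside hosts are only handed 172.16.100.10 by DHCP.
    print(triage(parse_denies(SAMPLE_LOG), {"172.16.100.10"}))
```

Run it against a real syslog export instead of SAMPLE_LOG; a non-empty "unexpected" set confirms hosts using another resolver, while counts only under "expected" point at repeated or slow replies from the DMZ server rather than at a second DNS server.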