Cisco Support Community

New Member

FWSM blocks DNS, not WWW, should allow both

I'm running into an issue where my 6509 with FWSM installed lets www requests through but blocks DNS, despite being told to permit both.

Most perversely, it's blocking DNS on my internal networks. I've got the FWSM set up in single context mode, with a 1-port-to-1-vlan relationship for each of the different firewalls, and even the "internal" networks are blocked from each other. So long as either or both of the nameserver netblock and the client netblock must transit the FWSM, all DNS traffic fails. (Things work fine when the nameservers are taken off the FWSM and so is the client network. But then what's the point of having an FWSM if you circumvent it for everything?) Meanwhile, web access works fine in all permutations of different networks being on or off the FWSM.


Re: FWSM blocks DNS, not WWW, should allow both

Disable "dns inspection" on the FWSM and check if it works.


New Member

Re: FWSM blocks DNS, not WWW, should allow both

You might have something like this:

"fixup protocol dns maximum-length 512"

in your FWSM config?

For a test, try this:

no fixup protocol dns
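Before turning the DNS fixup off for good, it is worth confirming whether the replies crossing the FWSM actually exceed the 512-byte limit that "fixup protocol dns maximum-length 512" enforces. The script below is an added example, not code from this thread or from Cisco: it builds DNS responses (constructed sample data, not captured traffic) and checks their length against that limit, so you can see which kinds of answers, such as ones with many records or an EDNS0 OPT record, would be dropped by the fixup.

```python
import struct

# The length the FWSM "fixup protocol dns maximum-length 512" line enforces:
# UDP DNS messages longer than this are dropped by the inspection engine.
DNS_FIXUP_MAX_LEN = 512


def encode_name(name):
    """Encode a dotted name into DNS label format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_response(qname, addresses, edns_udp_size=None):
    """Construct a DNS answer to an A query for qname (constructed sample).

    Each address becomes one A record; edns_udp_size adds an EDNS0 OPT record
    in the additional section, as a modern resolver would request."""
    arcount = 1 if edns_udp_size else 0
    # Header: ID, flags (QR + RD + RA), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addresses), 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # TYPE A, CLASS IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # Name is a compression pointer to offset 12 (the question name)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    opt = b""
    if edns_udp_size:
        # OPT RR: root name, TYPE 41, CLASS = advertised UDP payload size, TTL 0, no RDATA
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return hdr + question + answers + opt


def parse_header(msg):
    """Return the record counts from a DNS message header."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "qdcount": qd, "ancount": an, "arcount": ar}


def passes_fixup(msg, max_len=DNS_FIXUP_MAX_LEN):
    """True if the message would survive a maximum-length check of max_len bytes."""
    return len(msg) <= max_len


if __name__ == "__main__":
    small = build_response("ns.example.com.", ["192.0.2.1", "192.0.2.2"])
    big = build_response("ns.example.com.", ["192.0.2.%d" % i for i in range(1, 33)], edns_udp_size=4096)
    for label, msg in (("small reply", small), ("32-record EDNS0 reply", big)):
        print(label, len(msg), "bytes ->", "passes" if passes_fixup(msg) else "DROPPED by fixup")
```

Run it against your own resolver's answers by substituting the record sets you actually serve; any reply over 512 bytes explains the symptom without touching the web traffic.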