Cisco Support Community
New Member

How to instruct PIX no inspect the dns of max length 1200 only for specific dns server

Good Day,

We have an idea of migrating the IP segments to IPv6, which may use DNS packets of length 1200.

How do I tell my PIX to inspect DNS packets of max length 1200 only for a specific DNS server, and to instruct other DNS to take normal DNS inspection?

Kindly advise.

Regards,

SSOC Support

1 REPLY
Cisco Employee

Re: How to instruct PIX no inspect the dns of max length 1200 on

Remove DNS inspection from the class default inspection and add it as a separate class where you match an ACL where you deny the flow that you do not want inspected and allow the rest.

Read this thread, where we removed HTTP inspection from the class default and added it in a separate class: https://supportforums.cisco.com/message/3015384#3015384

-KS
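A configuration sketch of the approach in the reply above, added here as an example and not taken from the thread or from Cisco documentation. It assumes PIX/ASA software 7.2 or later (where the default DNS inspection is `inspect dns preset_dns_map` with a 512-byte limit) and the default `global_policy`; 192.0.2.53 is a placeholder for the specific DNS server, and the ACL, class and map names are hypothetical. It goes one step beyond the reply by inspecting the exempted server's flow with a 1200-byte limit instead of leaving it uninspected.

```text
! Constructed example. 192.0.2.53 is a placeholder for the specific DNS server.
!
! ACL for the flow that gets the larger limit.
access-list DNS_BIG extended permit udp any host 192.0.2.53 eq domain
!
! ACL from the reply: deny the flow that should not get normal inspection,
! allow all other DNS.
access-list DNS_NORMAL extended deny udp any host 192.0.2.53 eq domain
access-list DNS_NORMAL extended permit udp any any eq domain
!
class-map DNS_BIG_CLASS
 match access-list DNS_BIG
class-map DNS_NORMAL_CLASS
 match access-list DNS_NORMAL
!
! DNS inspection map that raises the maximum message length to 1200 bytes.
policy-map type inspect dns DNS_1200_MAP
 parameters
  message-length maximum 1200
!
policy-map global_policy
 ! Take DNS out of the default inspection class (assumes the 7.2+ default map name).
 class inspection_default
  no inspect dns preset_dns_map
 ! Specific server: inspected, but with the 1200-byte limit.
 class DNS_BIG_CLASS
  inspect dns DNS_1200_MAP
 ! Everything else: normal DNS inspection with the default limit.
 class DNS_NORMAL_CLASS
  inspect dns preset_dns_map
```

After applying it, `show service-policy` shows which class the DNS traffic is hitting and whether packets are being dropped by the inspection.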
