Cisco Support Community

New Member

PIX DACL won't match UDP

I have set up downloadable ACLs between an IAS RADIUS server and a PIX 515E running 6.3(3) code.

The downloading of ACLs works fine and I can see all the access-list entries downloading to the PIX.

But for some reason the PIX never matches entries for UDP traffic, e.g.:

ip:inacl#200=permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53

Even though the entry is in the AAA-USER-username ACL, DNS traffic will never be permitted. I have double-checked in Ethereal that the queries are UDP and are going to the configured DNS server.

Anyone able to fill me in on what is going on here?

Thanks

Fletcher

2 REPLIES
Silver

Re: PIX DACL won't match UDP

Try configuring the reverse statement, permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53, to allow the DNS traffic back to the PC.

New Member

Re: PIX DACL won't match UDP

No such luck, sorry.

Any other ideas?
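
Added example (not written by any poster in this thread, and not Cisco code): a small Python parser for the ip:inacl#N= attribute format quoted in the first post, which evaluates a flow against the entries offline so the entry as written can be ruled in or out before looking at the firewall itself. It assumes netmask-style masks as in the quoted entry, numeric eq ports only, first-match evaluation in sequence-number order and an implicit deny at the end; the function names and the sample flow addresses are constructed for illustration.

```python
import ipaddress
import re

# The attribute value quoted in the first post (sequence number 200).
AV_PAIRS = ["ip:inacl#200=permit udp 10.0.1.0 255.255.255.0 host 192.168.1.1 eq 53"]
AV_RE = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+(\S+)\s+(.+)$")

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A NETMASK' and return an ip_network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Assumption: the mask is a netmask, as in the quoted entry.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def _take_port(tokens):
    """Consume an optional 'eq N' (numeric only); None means any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None

def parse_av_pair(value):
    """Split one AV-pair into sequence number, action, protocol and endpoints."""
    m = AV_RE.match(value.strip())
    if not m:
        raise ValueError(f"not an ip:inacl AV-pair: {value!r}")
    tokens = m.group(4).split()
    entry = {"seq": int(m.group(1)), "action": m.group(2), "proto": m.group(3)}
    entry["src"], entry["sport"] = _take_addr(tokens), _take_port(tokens)
    entry["dst"], entry["dport"] = _take_addr(tokens), _take_port(tokens)
    if tokens:
        raise ValueError(f"unsupported trailing tokens: {tokens}")
    return entry

def evaluate(av_pairs, proto, src, sport, dst, dport):
    """Return the action of the first matching entry, else 'deny'."""
    # Assumptions: entries apply in sequence-number order, implicit deny at the end.
    for e in sorted(map(parse_av_pair, av_pairs), key=lambda e: e["seq"]):
        if (e["proto"] in (proto, "ip")
                and ipaddress.ip_address(src) in e["src"]
                and ipaddress.ip_address(dst) in e["dst"]
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"]
    return "deny"

if __name__ == "__main__":
    # Constructed flow: a DNS query from a client in 10.0.1.0/24 to the server.
    print(evaluate(AV_PAIRS, "udp", "10.0.1.25", 1025, "192.168.1.1", 53))
```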
