Cisco Support Community

New Member

PIX Firewall Packet Inspection RADIUS/DNS Problem

Hello,

I am running a PIX 525 firewall, with PIX software version 7.2.1. I am using the default global service-policy, and RADIUS packets are being dropped with a log message stating that the label length is exceeding 63 bytes. The log message (clip below) states that it is a DNS packet, but I know it is for RADIUS by the IP address of our RADIUS servers and the port number. How can I change the packet inspection to stop dropping these packets? Are the RADIUS packets being misidentified as DNS packets?

Apr 25 17:04:22 cr1 Apr 25 2007 17:04:22: %PIX-4-410001: Dropped UDP DNS request from inside:X.X.X.X/1812 to outside:X.X.X.X/49196; label length 79 bytes exceeds protocol limit of 63 bytes

  • Firewalling
1 REPLY
Silver

Re: PIX Firewall Packet Inspection RADIUS/DNS Problem

Match the RADIUS packets with ACLs and apply them in the Modular Policy map configuration to customise it in order to allow and inspect the RADIUS packets.

286 Views · 0 Helpful · 1 Replies
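As an added example, not part of the thread, a small Python audit of %PIX-4-410001 syslog lines that flags drops where neither port is 53, which is how the poster's RADIUS (1812) packets show up as non-DNS traffic being fed to the DNS inspector. The sample log lines are constructed and the addresses are placeholders.

```python
import re
from typing import Optional

# Regex for the PIX/ASA syslog message 410001 in the form quoted in the thread:
# "%PIX-4-410001: Dropped UDP DNS request from inside:X.X.X.X/1812 to
#  outside:X.X.X.X/49196; label length 79 bytes exceeds protocol limit of 63 bytes"
DROP_RE = re.compile(
    r"%(?:PIX|ASA)-4-410001: Dropped UDP DNS (?P<kind>request|reply) from "
    r"(?P<src_if>\w+):(?P<src_ip>[\w.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\w.]+)/(?P<dst_port>\d+); "
    r"label length (?P<label_len>\d+) bytes exceeds protocol limit of (?P<limit>\d+) bytes"
)

DNS_PORTS = {53}
# 1645/1646 are the legacy RADIUS ports, 1812/1813 the IANA-assigned ones.
RADIUS_PORTS = {1645, 1646, 1812, 1813}

def parse_drop(line: str) -> Optional[dict]:
    """Return the fields of a 410001 drop message, or None for any other line."""
    m = DROP_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("src_port", "dst_port", "label_len", "limit"):
        d[k] = int(d[k])
    return d

def classify(event: dict) -> str:
    """A drop is only a genuine DNS label violation if one side is port 53."""
    ports = {event["src_port"], event["dst_port"]}
    if ports & DNS_PORTS:
        return "dns"
    if ports & RADIUS_PORTS:
        return "radius-misinspected"
    return "non-dns-misinspected"

def audit(lines):
    """Yield (verdict, src_port, dst_port, label_len) for every 410001 drop."""
    return [(classify(ev), ev["src_port"], ev["dst_port"], ev["label_len"])
            for ev in map(parse_drop, lines) if ev is not None]

# Constructed sample: line 1 mirrors the thread's message with placeholder addresses,
# line 2 is a real oversized DNS label on port 53, line 3 is unrelated syslog noise.
SAMPLE_LOG = [
    "Apr 25 17:04:22 cr1 Apr 25 2007 17:04:22: %PIX-4-410001: Dropped UDP DNS request from inside:10.0.0.5/1812 to outside:198.51.100.7/49196; label length 79 bytes exceeds protocol limit of 63 bytes",
    "Apr 25 17:05:01 cr1 Apr 25 2007 17:05:01: %PIX-4-410001: Dropped UDP DNS request from inside:10.0.0.9/33201 to outside:198.51.100.53/53; label length 70 bytes exceeds protocol limit of 63 bytes",
    "Apr 25 17:05:02 cr1 Apr 25 2007 17:05:02: %PIX-6-302015: Built outbound UDP connection 12345 (constructed noise line)",
]

if __name__ == "__main__":
    for verdict, sport, dport, n in audit(SAMPLE_LOG):
        print(f"{verdict:22} {sport}->{dport} label={n}")
```

Any "radius-misinspected" or "non-dns-misinspected" verdict means a class in the service policy is sending non-port-53 traffic to `inspect dns`, which is the class to look at when applying the reply's ACL-based fix.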