My logs are indicating UDP 53 connections to my primary Windows 2003 domain controller located on the inside of my ASA5510 from outside sources... are these DNS connections related to the stateful connections initiated from the domain controller?
I don't have access to a firewall these days but if you do could you check something for me.
My understanding was that UDP is "pseudo-stateful" on a stateful firewall, i.e. it isn't truly stateful as you say because there are no flags (SYN/ACK/FIN/RST), but a stateful firewall still keeps a pseudo state by recording the src/dst IP and port numbers and using a timer, i.e. when it sees the initial UDP packet go out it sets a timer, and if it sees the response based on IP and port numbers within the specified time it assumes it is part of the same connection.
What I can't remember is, if the connection is initiated from inside to the outside and an entry is made in the state table, for UDP does the return traffic also put an entry into the state table? My understanding was that it didn't because it just used the existing entry.
So I would have said that if the OP is seeing in his logs connections to his domain controller, these can't be responses to outbound queries but new connections.
Apologies for the long-windedness, think I might need to bone up on my firewall knowledge again :-)
You are correct - the firewall will keep track of the "connection" through itself, using src/dst IP with src/dst port numbers, also binding them into a NAT/PAT table, which is also used to some extent for verification of a valid session. Any connectionless protocol passing through the firewall will only be closed after the timeout.
I suppose the question is - is there an ACL to permit DNS queries sourced from the outside to the Domain Controller?
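To make the two replies above concrete, here is an added toy model (not anything from the thread or from Cisco) of how a stateful firewall tracks UDP: an outbound packet creates a table entry keyed on src/dst IP and port, the matching reply reuses and refreshes that entry rather than creating a new one, the entry is closed only by an idle timer, and an unsolicited inbound packet to UDP/53 on the inside host is dropped unless an explicit inbound ACL permits it. All addresses, the 120-second timeout and the ACL shape are constructed assumptions, not ASA behaviour or defaults.

```python
"""Toy model of UDP 'pseudo-state' on a stateful firewall (constructed example)."""
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 120  # seconds; assumed for the example, not an ASA default


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = inside -> outside, "in" = outside -> inside
    t: float        # arrival time in seconds


class UdpStateTable:
    """Tracks UDP flows by (inside ip, inside port, outside ip, outside port) plus a timer."""

    def __init__(self, inbound_acl=(), timeout=UDP_IDLE_TIMEOUT):
        self.flows = {}                       # flow key -> last-seen timestamp
        self.inbound_acl = set(inbound_acl)   # (inside ip, inside port) permitted from outside
        self.timeout = timeout

    @staticmethod
    def _key(pkt):
        # Normalise both directions to one tuple so a reply matches the outbound entry.
        if pkt.direction == "out":
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def _expire(self, now):
        # A connectionless flow has no FIN/RST; only the idle timer closes it.
        for key, seen in list(self.flows.items()):
            if now - seen > self.timeout:
                del self.flows[key]

    def process(self, pkt):
        """Return the verdict for one packet and update the table accordingly."""
        self._expire(pkt.t)
        key = self._key(pkt)
        if key in self.flows:
            self.flows[key] = pkt.t          # refresh the existing entry; no new entry
            return "allow-existing"
        if pkt.direction == "out":
            self.flows[key] = pkt.t          # outbound packet opens the pseudo-connection
            return "allow-new"
        if (pkt.dst_ip, pkt.dst_port) in self.inbound_acl:
            self.flows[key] = pkt.t          # unsolicited inbound only via explicit ACL
            return "allow-acl"
        return "deny"


# Constructed addresses for the scenario (RFC 1918 inside, documentation ranges outside).
DC = "10.0.0.5"             # inside domain controller
RESOLVER = "198.51.100.53"  # outside forwarder the DC queries
OUTSIDE = "203.0.113.9"     # unrelated outside host sending an unsolicited query


def run_scenario(inbound_acl=()):
    """Replay four packets and return (verdict per packet, table size after each)."""
    fw = UdpStateTable(inbound_acl=inbound_acl)
    packets = [
        Packet(DC, 50000, RESOLVER, 53, "out", 0),    # DC forwards a query outbound
        Packet(RESOLVER, 53, DC, 50000, "in", 1),     # reply rides the existing entry
        Packet(OUTSIDE, 40000, DC, 53, "in", 2),      # unsolicited query to the DC
        Packet(RESOLVER, 53, DC, 50000, "in", 200),   # late reply after the idle timer
    ]
    verdicts, sizes = [], []
    for p in packets:
        verdicts.append(fw.process(p))
        sizes.append(len(fw.flows))
    return verdicts, sizes


if __name__ == "__main__":
    print(run_scenario())                        # no inbound ACL
    print(run_scenario(inbound_acl={(DC, 53)}))  # ACL permits outside -> DC:53
```

Without an inbound ACL the reply to the DC's own query is allowed on the existing entry (the table stays at one entry), the unsolicited query to UDP/53 is denied, and the late reply is denied because the timer has already closed the flow. Adding an ACL entry for the DC on port 53 is what turns the unsolicited query into a new, logged inbound connection, which is exactly the check the last reply suggests.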