Cisco Support Community

udp port 53 issue

Hello folks!!!

We have created an ACL to allow TCP and UDP port 53 to/from DMZ and Inside Network. When we use the packet-tracer tool through ASDM to verify the connectivity from the DMZ to the inside interface, the UDP packet gets dropped.

When we test the same port_53 using TCP it works perfectly fine.

We are getting the error (inspect-dns-invalid-pak) DNS Inspect Invalid Packet.

Kindly help us troubleshoot the problem.

1 REPLY

Re: udp port 53 issue

Joseph

From CCO:

inspect-dns-invalid-pak - This counter will increment when the security appliance detects an invalid DNS packet. For example, a DNS packet with no DNS header, the number of DNS resource records not matching the counter in the header, etc.

Is DNS resolution from inside to DMZ not working? Browsing, etc.? This is just an information message, nothing serious here.

DNS is on DMZ, right?

Regards

Raj
