Cisco Support Community

DNS issues on Pix 7.0(2)

Hi Guys,

I recently upgraded my site, which has a single Pix 515e running ver 6.3(3), with two redundant Pix 515e units running 7.0(2). Besides configuring failover differently, I copied my original configs and pasted them into ver 7.0(2). Everything worked except my DNS. I have a couple of Linux servers inside my local (private) segment. Could someone check the two configs and determine why it does not work?

Regards

Abdi

2 REPLIES

Re: DNS issues on Pix 7.0(2)

Try changing the packet size of your dns inspection. This is the size on your PIX but the ASA defaults to 512 and will drop bigger packets.

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 1024

Hope it helps ... rate it if it does !!!

Re: DNS issues on Pix 7.0(2)

Also make sure the below entries are correct on your access-list 100 ... Your PIX shows a different IP address:

access-list 100 extended permit tcp any host 63.x.x.98 range 51 domain
access-list 100 extended permit tcp any host 63.x.x.99 range 51 domain
access-list 100 extended permit udp any host 63.x.x.98 range 51 domain
access-list 100 extended permit udp any host 63.x.x.99 range 51 domain
