I started out on a mission to block instant messaging (AIM, Yahoo, MSN).
To avoid an endless list of IPs, I was planning on blocking the login servers by DNS name. I soon discovered that our PIX cannot resolve any hostnames. It can ping to the outside world just fine, but it cannot ping any hostname, including itself. DNS server configuration seems to be a different beast altogether on PIX.
Am I missing something? How should I go about making this possible?
Some brief info:
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.1(1)
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz