Cisco Support Community

Guest WLAN and DNS tunneling (IP over DNS with iodine, NSTX, etc)

Hello,

I'm trying to implement a guest WLAN with web authentication on the WLC 2504. L3 for the guest WLAN is terminated on an ASA 5510 (as a subinterface).

Everything works pretty well. Guest clients are prompted to enter login/password, guests are authenticated against ACS and so on.

But I have a strange idea. How can I prevent unauthorised DNS tunneling from the guest network?

I think that DNS tunneling can be prevented with dns-guard on the ASA and DNS inspection, e.g. drop DNS packets larger than 512 bytes and perform deep inspection against packets.

Any ideas or advice?

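The following added example, which is not part of the original post, applies the 512-byte size check from the question to raw DNS messages and pairs it with content checks on the query name. The thresholds, the suspect query-type set and the sample messages are assumptions constructed for the illustration.

```python
import math
import struct
from collections import Counter

MAX_UDP_DNS = 512          # size limit proposed in the post
MAX_QNAME = 100            # assumed threshold, tune to the guest baseline
MAX_ENTROPY = 3.8          # assumed threshold, bits per character
SUSPECT_QTYPES = {10, 16}  # NULL and TXT: assumed policy for guest clients

def build_query(name, qtype=1):  # helper for constructed sample input
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_question(msg):  # returns (qname, qtype) or raises ValueError
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("bad header")
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(msg):  # terminator byte plus QTYPE and QCLASS
        raise ValueError("truncated question")
    return ".".join(labels), struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def entropy(s):  # Shannon entropy in bits per character
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def inspect(msg):  # returns the reasons a message looks like tunnel traffic
    reasons = ["oversize"] if len(msg) > MAX_UDP_DNS else []
    try:
        qname, qtype = parse_question(msg)
    except ValueError:
        return reasons + ["malformed"]
    sub = "".join(qname.split(".")[:-2])  # labels left of the last two
    if len(qname) > MAX_QNAME:
        reasons.append("long-qname")
    if len(sub) >= 32 and entropy(sub) > MAX_ENTROPY:
        reasons.append("high-entropy")
    if qtype in SUSPECT_QTYPES:
        reasons.append("suspect-qtype")
    return reasons

LABEL = "abcdefghijklmnopqrstuvwxyz234567"  # constructed stand-in for encoded data
NORMAL = build_query("www.example.com")
TUNNEL_LIKE = build_query(".".join([LABEL] * 3 + ["t", "example", "com"]), qtype=10)
```

The constructed tunnel-like query is 130 bytes, so the size limit alone does not flag it; the name-length, entropy and query-type checks do.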