Cisco Support Community
New Member

ISA570 internal DNS blocking

Hi,

I have a new customer for whom I recently installed an ISA 570 to replace a Cisco 1800 router. The customer has an internal DNS/DHCP server (10.1.0.10) that is on the default subnet (10.1.0.0/16). After about an hour DNS stops working and the server can no longer get to the Internet. The server cannot ping the default gateway either; however, it can ping other clients on its own subnet.

In between the ISA 570 and the server is a manageable switch that is unmanaged, but I have connected directly to the ISA with the same results. After a few hours of troubleshooting we changed the IP of the server (10.1.0.5) and it started working. Eureka! Then after an hour it stops working again. I have turned off every extra security feature on the ISA. I have since changed back to the 1800 router and have 0 problems.

I am stumped. I did a packet capture on the ISA default interface and looked at it in Wireshark. I see many packets sourced from the server and 0 with it as the destination.

Latest code is 1.2.17, and I tried 1.2.15 just to check.

Any help would be appreciated.

Thanks in advance.

7 REPLIES

Re: ISA570 internal DNS blocking

Not that it should matter, but is your internal DNS server pointing to the ISA or an external DNS server for forwarding?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Re: ISA570 internal DNS blocking

The internal DNS is pointing external and not to the ISA. It doesn't have any ports forwarded; it's an open DNS, I believe.

Re: ISA570 internal DNS blocking (Accepted Solution)

Try pointing it to the ISA and see if that helps. Really shouldn't make a difference and a bit of a stab in the dark, but what you're experiencing doesn't really make sense either since you have all security features turned off. My thinking is that it's seeing multiple DNS requests from a single host when it's expecting to handle DNS. Like I said, stab in the dark. ;-)

Shawn Eftink CCNA/CCDA
New Member

Re: ISA570 internal DNS blocking

Would seeing too many DNS requests from a single IP cause it to block the internal server?

Re: ISA570 internal DNS blocking

It really shouldn't, but that's the theory I'm working under to draw this recommended action.

Shawn Eftink CCNA/CCDA
New Member

Re: ISA570 internal DNS blocking

I pointed the customer's DNS server to the ISA and it hasn't started blocking it yet. It has been a few days, so I think that fixed it (more of a workaround). Doesn't make any sense, with all the security turned off.

Re: ISA570 internal DNS blocking

Completely agree. I'd recommend contacting SBS Support to submit a bug.

http://www.cisco.com/cisco/web/solutions/small_business/small_business_support_and_resources.html

Shawn Eftink CCNA/CCDA