Firewall Wizards mailing list archives

Re: firewall-wizards Digest, Vol 16, Issue 2


From: "Tedeski, William" <William.Tedeski () acs-inc com>
Date: Thu, 2 Aug 2007 11:25:53 -0500


FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to 172.29.6.2/1026 due to DNS Response

These messages may be from more than one response from the DNS.
The ASA/PIX/FWSM with DNS Fixup on will permit the first response but block
any others after that.


Do a "show local-host" command using the address of the system on the higher
security interface, while that system is trying to connect.

The display will show you any connects built as well as the connect state
flags. The connect state flags may be the best tool to diagnose an issue on
the ASA/PIX/FWSM.

Bill Tedeski
ACS Inc
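
Added example, not part of the original post: a small Python triage script that counts 106007 "due to DNS Response" denies per DNS server and client socket, so repeated extra responses to the same client port stand out. The timestamps, the `fw1` host name and the second client address in the sample are constructed, and the function names are hypothetical; only the message text itself follows the log line quoted above.

```python
import re
from collections import Counter

# Matches only the message text quoted in the post; any syslog prefix is ignored.
PATTERN = re.compile(
    r"FWSM-2-106007: Deny inbound UDP from "
    r"(?P<server>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<client>[\d.]+)/(?P<cport>\d+) due to DNS Response"
)

# Constructed sample input. The second entry is wrapped across two lines,
# the way a mail client wrapped the log line in the post.
SAMPLE_LOG = """\
Aug 02 11:20:01 fw1 %FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to 172.29.6.2/1026 due to DNS Response
Aug 02 11:20:01 fw1 %FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to
172.29.6.2/1026 due to DNS Response
Aug 02 11:20:02 fw1 %FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to 172.29.6.2/1026 due to DNS Response
Aug 02 11:20:05 fw1 %FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to 172.29.6.9/1031 due to DNS Response
Aug 02 11:20:06 fw1 some unrelated message
"""


def count_denied_responses(log_text):
    """Count denied DNS responses per (server, client, client port)."""
    # Collapse all whitespace so entries wrapped over two lines still match.
    flat = " ".join(log_text.split())
    counts = Counter()
    for m in PATTERN.finditer(flat):
        key = (m.group("server"), m.group("client"), int(m.group("cport")))
        counts[key] += 1
    return counts


def repeated_flows(counts, minimum=2):
    """Return flows that had at least `minimum` responses denied."""
    return sorted(key for key, n in counts.items() if n >= minimum)


if __name__ == "__main__":
    totals = count_denied_responses(SAMPLE_LOG)
    for (server, client, cport), n in totals.most_common():
        print(f"{server} -> {client}/{cport}: {n} denied DNS response(s)")
    print("repeated:", repeated_flows(totals))
```

The addresses it reports as repeated are the ones to check with "show local-host" on the higher security interface.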