Firewall Wizards mailing list archives
Re: firewall-wizards Digest, Vol 16, Issue 2
From: "Tedeski, William" <William.Tedeski () acs-inc com>
Date: Thu, 2 Aug 2007 11:25:53 -0500
FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to 172.29.6.2/1026 due to DNS Response
This messages may be from more than one response from the DNS The ASA/PIX/FWSM with DNS Fixup on, will permit the first response but block any other after that. Do a "show local-host" command using the address of the system on the higher security interface, while that system is trying to connect. The display will show you an connects built as well as the connect state flags. The connect state flags may be the best tool to diagnose an issue on the ASA/PIX/FWSM Bill Tedeski ACS Inc
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: firewall-wizards Digest, Vol 16, Issue 2 Tedeski, William (Aug 21)
- <Possible follow-ups>
- Re: firewall-wizards Digest, Vol 16, Issue 2 Tedeski, William (Aug 21)