topic Re: Traffic Allow from Firewall in Network Security

Traffic Allow from Firewall

Warshad — Wed, 21 Dec 2022 18:57:22 GMT

When commissioning the two new Windows VMs. We have a problem with the deployment

There, the servers to be installed can not reach the DNS server and it looks as if it does not go on in your customer network.

It seems traffic needs to be allow from Firewall. I have very basic understanding with Firewalls. I guess i need to create a ACL to allow traffic from Source 172.31.200.0/24 and 172.16.1.93 and 172.16.1.93 Destination. Correct me if i am wrong? What the command i should use to allow the traffic for 172.31.200.0/24?

I need to allow the complete subnet 172.31.200.0/24

The server has the following IP configuration:

NSLOOKUP ends with each request in a timeout:

Tracert:

Here we get to the customer network and then it's over.

A server in the same subnet (SAP-GBN-102-W) can reach the DNS and the queries are answered!

Regards,

Arshad

Re: Traffic Allow from Firewall

balaji.bandi — Wed, 21 Dec 2022 19:12:56 GMT

I take this FW as ASA - then Look at the below ACL for reference , if you have asdm then its easy to allow.

https://community.cisco.com/t5/network-security/cisco-asa-create-acl-for-dns/td-p/3063461

Re: Traffic Allow from Firewall

Warshad — Wed, 21 Dec 2022 19:20:32 GMT

Thank you for reply. Yes, Its a Cisco ASA. We also have ASDM. Could you please provide any reference guide for ASDM.

Re: Traffic Allow from Firewall

MHM Cisco World — Wed, 21 Dec 2022 19:51:33 GMT

traceroute show many hops without success ?
what is 172.31.255.10 ?
from there start your troubleshooting.

Re: Traffic Allow from Firewall

balaji.bandi — Wed, 21 Dec 2022 19:49:21 GMT

Not sure how is your topology of you network : if you looking to allowed your Local network to reach DNS Server, that was failing (may resolve your issue).

https://www.youtube.com/watch?v=so0ExziTt2A

Re: Traffic Allow from Firewall

Warshad — Wed, 21 Dec 2022 19:53:48 GMT

172.31.255.10 is a dmz switch and there is Cisco ASA after this switch. so it means i have to allow the traffic from that firewall. could you please provide me any guide for Cisco ASDM?

Re: Traffic Allow from Firewall

MHM Cisco World — Wed, 21 Dec 2022 20:01:51 GMT

ASA 8.X and later: Add or Modify an Access List through the ASDM GUI Configuration Example - Cisco

your DNS server is 172.16.1.93 ? and I think this Server connect to other DMZ or to INside ?
if yes then you need to
1-if DNS server in DMZ/IN that have same security level then you need
same security traffic permit inter-interface
2- if the DNS server in DMZ/IN with different security level you need
acl permit udp any host x.x.x.x 53