Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
0
Replies

Cisco ASA label length 32 bytes exceeds remaining packet length limit of 9 bytes

evan-stein
Level 1
Level 1

‎08-16-2016 12:07 PM - edited ‎03-12-2019 01:08 AM

I'm getting the error message below.

%ASA-4-410001: Dropped UDP DNS request from inside:x.x.x.x/59053 to dmz1:x.x.x.x/53; label length 32 bytes exceeds remaining packet length limit of 9 bytes

The inside ip address is our internal AD and the dmz device is our RODC.

I'm running on a Cisco ASA 5540 Software Version 8.2(5)48

My inspection engine info policy is below.

policy-map type inspect dns dns-inspect
 parameters
  message-length maximum client auto
  message-length maximum 4096
policy-map global_policy
 class inspection_default
  inspect NetBIOS

I'm new to the ASA so please let me know what other information you may need.

Respectfully

Evan

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card