Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
3
Replies

Doubt with Log

Diego Maciel Gomes
Level 1
Level 1

‎07-23-2012 02:01 PM - edited ‎03-11-2019 04:33 PM

Hello All

I have some doubts with log of ASA...

If someone help me

Jul 23 16:54:42 11.11.11.11 %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:172.20.20.20 dst inside:172.19.19.19 (type 3, code 3) on outside interface.  Original IP payload: udp src 172.19.19.19/53 dst 172.20.20.20/61126.

172.20.20.20 = workstation

172.19.19.19 = server

Why this message?

Maybe any drop in my network because of it???

How can I fix it?

Thanks anyway.

Diego

Labels:
0 Helpful
3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

‎07-23-2012 07:06 PM

That means port is unreachable and from your error message since it's UDP/53, the DNS resolution either does not work, or it already passes through the timeout for DNS reply. As a safety measure the firewall will drop the packet if it doesn't receive the DNS reply within certain period of time, this is to prevent against DNS attack.

0 Helpful

Diego Maciel Gomes
Level 1
Level 1
In response to Jennifer Halim

‎07-24-2012 07:00 AM

Hi Jennifer, thanks for your answer..

hum... I have the port udp/53 allowed...

Maybe a problem with the server??? Or anything I need to do on ASA?

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Diego Maciel Gomes

‎07-24-2012 08:21 AM

Yeah, seems like problem with the server if port is already allowed on the ASA.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card