05-14-2008 05:08 PM - edited 03-11-2019 05:45 AM
I'm running into an issue where my 6509 with FWSM installed lets www requests through, but blocks DNS, despite being told to permit both.
Most perversely, it's blocking DNS on my internal networks. I've got the FWSM set up in single context mode, with a 1-port-to-1-VLAN relationship for each of the different firewalls, and even the "internal" networks are blocked from each other. So long as either or both of the nameserver netblock and the client netblock must transit the FWSM, all DNS traffic fails. (Things work fine when the nameservers are taken off the FWSM and so is the client network. But then what's the point of having an FWSM if you circumvent it for everything?) Meanwhile, web access works fine in all permutations of different networks being on or off the FWSM.
05-16-2008 10:51 PM
Disable "dns inspection" on the FWSM and check if it works.
Syed
05-19-2008 05:59 AM
You might have something like this:
"fixup protocol dns maximum-length 512"
in the config of your FWSM?
For a test, try this:
no fixup protocol dns
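The reply above points at the DNS fixup's maximum-length setting: the inspection engine drops any DNS payload longer than the configured limit, 512 bytes in the quoted line. The following script is an added example, not code from this thread or from Cisco; it builds DNS messages in RFC 1035 wire format so you can see how large a given query or response actually is on the wire and whether it would exceed that limit. The query builder can optionally append an EDNS0 OPT record (RFC 6891) advertising a larger UDP buffer, which is the usual reason a resolver sends and receives DNS over UDP above 512 bytes; the names, transaction ID, answer count and the 512-byte threshold are constructed for the demonstration and go beyond what the thread itself states.

```python
import struct

# Assumed from the thread: "fixup protocol dns maximum-length 512" makes the
# FWSM drop DNS payloads longer than 512 bytes (constructed threshold).
FWSM_DNS_MAX_LENGTH = 512


def encode_name(name):
    """Encode a dotted hostname as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_question(name, qtype=1, qclass=1):
    """Question section entry: QNAME, QTYPE (1 = A), QCLASS (1 = IN)."""
    return encode_name(name) + struct.pack("!HH", qtype, qclass)


def build_query(name, txid=0x1234, edns_udp_size=None):
    """UDP payload of a standard recursive query for an A record.

    If edns_udp_size is given, an EDNS0 OPT pseudo-record is appended in the
    additional section, advertising that the client accepts UDP replies up to
    edns_udp_size bytes (the mechanism behind replies larger than 512 bytes).
    """
    arcount = 1 if edns_udp_size else 0
    # ID, flags (RD set), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg = header + build_question(name)
    if edns_udp_size:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg


def build_response(name, txid, answer_count):
    """Constructed response carrying answer_count A records for `name`.

    Each answer uses a compression pointer (0xC00C) back to the QNAME at
    offset 12, so every record is exactly 16 bytes on the wire.
    """
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, answer_count, 0, 0)
    msg = header + build_question(name)
    for i in range(answer_count):
        rdata = bytes([192, 0, 2, i % 256])  # RFC 5737 documentation range
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return msg


def parse_header(msg):
    """Return the six 16-bit header fields of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "qdcount": qd,
            "ancount": an, "nscount": ns, "arcount": ar}


def would_fwsm_drop(msg, max_length=FWSM_DNS_MAX_LENGTH):
    """True if the DNS payload exceeds the fixup's maximum-length setting."""
    return len(msg) > max_length


if __name__ == "__main__":
    for label, msg in (
        ("plain query", build_query("example.com")),
        ("EDNS0 query (4096)", build_query("example.com", edns_udp_size=4096)),
        ("response, 30 answers", build_response("example.com", 0x1234, 30)),
        ("response, 31 answers", build_response("example.com", 0x1234, 31)),
    ):
        verdict = "DROPPED by fixup" if would_fwsm_drop(msg) else "passes"
        print(f"{label:24s} {len(msg):4d} bytes  {verdict}")
```

Run it as-is to see the boundary: with the 17-byte question for example.com, 30 sixteen-byte answers fit inside 512 bytes and the 31st pushes the reply over the limit. Feed a real captured payload (the bytes after the UDP header) to `would_fwsm_drop()` to check whether a failing lookup is actually hitting the length limit before you turn the fixup off entirely; disabling DNS inspection also removes the checks it performs, so raising maximum-length is the narrower change if size turns out to be the cause.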