01-07-2014 10:04 AM - edited 03-11-2019 08:26 PM
1: 07:48:59.867249 0026.51d7.65c1 0025.4538.6b73 0x0800 95: 10.235.5.31.38001 > 64.x.x.x.1194: [udp sum ok] udp 53 (DF) (ttl 62, id 0)
I'm troubleshooting an issue with a device that once installed is per their support supposed to create a tunnel over port 1194 to their cloud. I see traffic passing to and from this device to their address space including this port but it is all udp 53? Can someone explain this?
Needless to say at this point the tunnel is not forming.
Solved! Go to Solution.
01-07-2014 12:24 PM
Hi,
Isnt the source/destination port mentioned right after the IP address?
10.235.5.31.38001 > 64.x.x.x.1194
I guess that would mean that the 53 is the packet size?
Where is this output from? I am too used to looking captures through Wireshark even though I take captures on the ASA itself most of the time.
Can't say I know what the problem might be but if we are talking about UDP then naturally there is no actual connection forming/sync. Is there traffic both ways or is the UDP traffic one way?
- Jouni
01-07-2014 12:32 PM
I believe you are correct about the ports Jouni. I too have been spoiled by Wireshark.
Anthony- Can you do a packet tracer so we can see if/where it could be blocked on the ASA?
01-07-2014 10:43 AM
UDP53 is DNS lookups. Perhaps the vendors device is trying to perform name resolution to the cloud hostname.
01-07-2014 12:24 PM
Hi,
Isnt the source/destination port mentioned right after the IP address?
10.235.5.31.38001 > 64.x.x.x.1194
I guess that would mean that the 53 is the packet size?
Where is this output from? I am too used to looking captures through Wireshark even though I take captures on the ASA itself most of the time.
Can't say I know what the problem might be but if we are talking about UDP then naturally there is no actual connection forming/sync. Is there traffic both ways or is the UDP traffic one way?
- Jouni
01-07-2014 12:32 PM
I believe you are correct about the ports Jouni. I too have been spoiled by Wireshark.
Anthony- Can you do a packet tracer so we can see if/where it could be blocked on the ASA?
01-07-2014 01:26 PM
Thanks for the replies guys. You are correct those are packet sizes and those are the ports. It turns out the device firmware was the cause of the issue.
That capture was from a packet capture on 8.2 ASA. I didn't understand what the '53' was showing me until Jouni mentioned it.
I appreciate the feedback.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide