syslog message -need help

bluesea2010
Level 7

Hi,

I am getting the below messages in my syslog:

Built inbound UDP connection x.x.x.x for Outside:public ip/57360 (Public IP/57360) to Inside:Inside local IP/53 (Inside global IP/53)

I have not permitted 53 in my access list but it built an inbound connection.

Please help

Accepted Solution

> I have not permitted 53 in my access list but it built an inbound connection

Are you sure? What is the output of

packet-tracer input outside udp 1.2.3.4 1234 INSIDE_GLOBAL_IP 53

Or show your ACL and NAT-config.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.


Hi

Your command helped to identify the ACL.

Thanks

Hi,

I have done packet tracing; in the packet trace the ACL dropped it, but the syslog (attached) shows a built connection?

packet-tracer input outside udp globaloutside 53 global inside 58610

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in OUTSIDE-IP 255.255.255.255 identity

Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 via WANinterface-ip, Outside

Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 4
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: Outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Thanks

What are you trying to simulate with these port numbers?

packet-tracer input outside udp globaloutside 53 global inside 58610

For a real simulation the destination port has to be 53. And which addresses are you using in the trace?

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
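The two checks raised in this thread (the accepted answer's "run packet-tracer against the inside global IP on port 53" and the later correction that the trace must carry the client's ephemeral source port and 53 as the destination, not the reverse) can be derived mechanically from the syslog line itself. The script below is an added example and not code from the original thread or from Cisco; it parses ASA "Built inbound/outbound" connection messages (302013 for TCP, 302015 for UDP, in the field order documented in the ASA syslog reference), flags inbound flows whose destination interface/port is not on an allow-list, and emits the packet-tracer command that replays that exact flow. The sample log lines, the RFC 5737 addresses in them and the ALLOWED_INBOUND policy are constructed for the example; the interface names and NAT addresses in your own logs will differ.

```python
"""Triage ASA 'Built {inbound|outbound}' connection syslogs (302013 TCP / 302015 UDP).

Added example, not from the thread: parse the message fields, flag inbound
flows that land on an interface/port you did not intend to publish, and
print the packet-tracer command that re-checks the ACL/NAT path for that flow.
"""
import re
from typing import Optional

# Message layout (ASA syslog reference, 302013 / 302015):
#   Built {inbound|outbound} {TCP|UDP} connection <id> for
#   <if>:<real_ip>/<real_port> (<mapped_ip>/<mapped_port>) to
#   <if>:<real_ip>/<real_port> (<mapped_ip>/<mapped_port>) [(user)] ...
# Trailing identity fields are ignored, so re.search is used rather than fullmatch.
BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>TCP|UDP) connection "
    r"(?P<conn_id>\d+) for "
    r"(?P<src_if>[^\s:]+):(?P<src_ip>[^\s/]+)/(?P<src_port>\d+) "
    r"\((?P<src_mapped_ip>[^\s/]+)/(?P<src_mapped_port>\d+)\) to "
    r"(?P<dst_if>[^\s:]+):(?P<dst_ip>[^\s/]+)/(?P<dst_port>\d+) "
    r"\((?P<dst_mapped_ip>[^\s/]+)/(?P<dst_mapped_port>\d+)\)"
)

# Constructed sample lines (not from the original post); RFC 5737 documentation addresses.
SAMPLE_LOGS = [
    "%ASA-6-302015: Built inbound UDP connection 1234567 for Outside:203.0.113.10/57360 "
    "(203.0.113.10/57360) to Inside:192.168.1.53/53 (198.51.100.5/53)",
    "%ASA-6-302015: Built outbound UDP connection 1234568 for Inside:192.168.1.20/51515 "
    "(198.51.100.5/51515) to Outside:8.8.8.8/53 (8.8.8.8/53)",
    "%ASA-6-302013: Built inbound TCP connection 1234569 for Outside:203.0.113.20/40000 "
    "(203.0.113.20/40000) to DMZ:10.0.0.8/443 (198.51.100.6/443)",
    "%ASA-6-302016: Teardown UDP connection 1234567 for Outside:203.0.113.10/57360 "
    "to Inside:192.168.1.53/53 duration 0:00:00 bytes 120",
]

# Assumed policy for this example: the only service meant to be reachable from
# the internet is the DMZ web server. Keys are (destination interface, protocol, port).
ALLOWED_INBOUND = {("DMZ", "tcp", 443)}


def parse_built_connection(line: str) -> Optional[dict]:
    """Return the parsed fields of a Built-connection message, or None for other messages."""
    m = BUILT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].lower()  # packet-tracer wants lowercase tcp/udp
    for key in ("conn_id", "src_port", "src_mapped_port", "dst_port", "dst_mapped_port"):
        rec[key] = int(rec[key])
    return rec


def unexpected_inbound(lines, allowed) -> list:
    """Inbound flows whose (dst interface, protocol, dst port) is not on the allow-list."""
    hits = []
    for line in lines:
        rec = parse_built_connection(line)
        if rec is None or rec["direction"] != "inbound":
            continue
        if (rec["dst_if"], rec["proto"], rec["dst_port"]) in allowed:
            continue
        hits.append(rec)
    return hits


def packet_tracer_command(rec: dict) -> str:
    """Replay the flow as it arrived on the ingress interface.

    Source is the remote host's real address and its (ephemeral) source port;
    destination is the *mapped* global address and the service port, because
    the ACL/NAT evaluation in the trace does the un-NAT itself. Swapping the
    ports (source 53, ephemeral destination) would simulate a DNS reply, not
    the query the Built message records.
    """
    return (f"packet-tracer input {rec['src_if']} {rec['proto']} "
            f"{rec['src_ip']} {rec['src_port']} "
            f"{rec['dst_mapped_ip']} {rec['dst_mapped_port']}")


if __name__ == "__main__":
    for rec in unexpected_inbound(SAMPLE_LOGS, ALLOWED_INBOUND):
        print(f"conn {rec['conn_id']}: {rec['src_if']} -> {rec['dst_if']} "
              f"{rec['proto']}/{rec['dst_port']} not on allow-list; verify with:")
        print("  " + packet_tracer_command(rec))
```

Run against the constructed lines it flags only the inbound UDP flow to the inside host on port 53 and prints the matching trace command. If that trace ends in an ACL drop while the firewall keeps logging Built connections for the same five-tuple, the flow is being admitted by something other than the interface ACL, which is the point at which the NAT and ACL configuration need to be reviewed together.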

Hi,

I am getting a DNS amplification attack; that's why the source port is 53 (the source address is a public IP from outside and the destination is my auto NAT IP address, which is the outside interface IP of the firewall).

Thanks

bluesea2010
Level 7

Hi,

Just to understand, from the NAT config how can we troubleshoot these kinds of problems?

Thanks 

> Just to understand, from the NAT config how can we troubleshoot these kinds of problems?

It could just be used to see if there is any configuration that allows this inbound traffic.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.