03-24-2016 12:26 AM - edited 03-12-2019 12:32 AM
Hi,
I am getting the below messages in my syslog:
Built inbound UDP connection x.x.x.x for Outside:public ip /57360 (Public Ip/57360) to Inside:Inside local ip /53 (Inside global IP/53)
I have not permitted 53 in my access list, but it built an inbound connection.
Please help
03-24-2016 12:45 AM
> I have not permitted 53 in my access list, but it built an inbound connection.
Are you sure? What is the output of
packet-tracer input outside udp 1.2.3.4 1234 INSIDE_GLOBAL_IP 53
Or show your ACL and NAT-config.
03-24-2016 01:49 AM
Hi
Your command helped to identify the ACL.
Thanks
03-31-2016 08:40 AM
Hi,
I have done packet tracing; in the packet trace the ACL dropped it, but in the syslog (attached) it built a connection?
packet-tracer input outside udp globaloutside 53 global inside 58610
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in OUTSIDE-IP 255.255.255.255 identity
Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 via WANinterface-ip, Outside
Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: Outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Thanks
03-31-2016 08:53 AM
What are you trying to simulate with these port numbers?
packet-tracer input outside udp globaloutside 53 global inside 58610
For a real simulation the destination port has to be 53. And which addresses are you using in the trace?
03-31-2016 10:19 AM
Hi,
I am getting a DNS amplification attack, that's why the source port is 53 (the source address is a public IP from outside and the destination is my auto NAT IP address, which is the outside interface IP of the firewall).
Thanks
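The exchange above turns on reading the ASA 302015 "Built ... UDP connection" lines correctly and then reproducing the same flow in packet-tracer with the same source and destination ports the log shows. The script below is an added example, not code from the thread or from Cisco: it parses constructed sample lines in that message shape (documentation addresses, not real hosts), labels each inbound flow by the DNS role of its ports (destination 53 is a query that needs an explicit permit; source 53 to a high port is the reply-shaped pattern the poster describes as amplification), and prints the packet-tracer command in the argument order used in the thread, `input <interface> <proto> <src_ip> <src_port> <dst_ip> <dst_port>`, using the mapped (global) destination address since that is what an inbound packet is addressed to on the outside interface.

```python
"""Parse ASA %ASA-6-302015 'Built ... UDP connection' syslog lines, flag
reply-shaped inbound DNS flows (source port 53), and build the matching
packet-tracer command for verification.  Sample lines are constructed."""
import re
from collections import Counter

# Constructed sample syslog lines (documentation IP ranges, not real hosts).
SAMPLE_LOGS = [
    "%ASA-6-302015: Built inbound UDP connection 4711 for Outside:198.51.100.7/53 "
    "(198.51.100.7/53) to Inside:10.0.0.5/58610 (203.0.113.10/58610)",
    "%ASA-6-302015: Built outbound UDP connection 4712 for Inside:10.0.0.5/41000 "
    "(203.0.113.10/41000) to Outside:198.51.100.9/53 (198.51.100.9/53)",
    "%ASA-6-302015: Built inbound UDP connection 4713 for Outside:192.0.2.33/57360 "
    "(192.0.2.33/57360) to Inside:10.0.0.53/53 (203.0.113.11/53)",
    "%ASA-6-302016: Teardown UDP connection 4711 for Outside:198.51.100.7/53 "
    "to Inside:10.0.0.5/58610 duration 0:00:00 bytes 512",
]

# Fields of the Built-connection message: ingress "for" side first, then the
# egress "to" side, each as real address/port followed by mapped address/port.
BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>UDP|TCP) connection (?P<conn_id>\d+) "
    r"for (?P<src_ifc>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"\((?P<src_map_ip>[\d.]+)/(?P<src_map_port>\d+)\) "
    r"to (?P<dst_ifc>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"\((?P<dst_map_ip>[\d.]+)/(?P<dst_map_port>\d+)\)"
)


def parse_built(line):
    """Return the fields of a Built-connection line as a dict, or None for other messages."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    conn = m.groupdict()
    for key in ("conn_id", "src_port", "src_map_port", "dst_port", "dst_map_port"):
        conn[key] = int(conn[key])
    return conn


def classify(conn):
    """Label a parsed connection by the DNS role of its ports."""
    if conn["direction"] != "inbound":
        return "outbound"
    if conn["dst_port"] == 53:
        return "inbound_dns_query"      # a query: needs an explicit permit to port 53
    if conn["src_port"] == 53:
        return "inbound_dns_response"   # reply-shaped: the pattern the thread calls amplification
    return "inbound_other"


def packet_tracer_cmd(conn):
    """Build the packet-tracer command that reproduces this flow, in the
    thread's argument order: input <ifc> <proto> <src_ip> <src_port> <dst_ip> <dst_port>.
    An inbound packet arrives addressed to the mapped (global) address, so the
    destination is dst_map_ip, not the inside local address."""
    return (f"packet-tracer input {conn['src_ifc']} {conn['proto'].lower()} "
            f"{conn['src_ip']} {conn['src_port']} {conn['dst_map_ip']} {conn['dst_port']}")


def review(lines):
    """Return (flagged reply-shaped inbound connections, count per source IP)."""
    flagged, sources = [], Counter()
    for line in lines:
        conn = parse_built(line)
        if conn is not None and classify(conn) == "inbound_dns_response":
            flagged.append(conn)
            sources[conn["src_ip"]] += 1
    return flagged, sources


if __name__ == "__main__":
    flagged, sources = review(SAMPLE_LOGS)
    for conn in flagged:
        print(f"conn {conn['conn_id']}: {conn['src_ip']}/{conn['src_port']} -> "
              f"{conn['dst_map_ip']}/{conn['dst_port']} ({classify(conn)})")
        print("  verify with:", packet_tracer_cmd(conn))
    print("reply-shaped sources:", dict(sources))
```

Run it against a saved syslog export instead of SAMPLE_LOGS to see which outside sources are sending port-53 replies toward your global address, and paste the printed packet-tracer line into the ASA so the trace uses the same ports as the Built message rather than a reversed pair.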
03-24-2016 04:33 AM
Hi,
Just to understand, from the NAT config how can we troubleshoot these kinds of problems?
Thanks
03-24-2016 11:30 AM
> Just to understand, from the NAT config how can we troubleshoot these kinds of problems?
It just could be used to see if there is any configuration that allows this inbound traffic.