syslog message -need help

bluesea2010 (Level 5)

Hi,

I am getting the below messages in my syslog:

Built inbound UDP connection x.x.x.x for Outside:public ip /57360 (Public Ip/57360) to Inside:Inside local ip /53 (Inside global IP/53)

I have not permitted 53 in my access list, but it built an inbound connection.

Please help

Accepted Solution

> I have not permitted 53 in my access list, but it built an inbound connection.

Are you sure? What is the output of

packet-tracer input outside udp 1.2.3.4 1234 INSIDE_GLOBAL_IP 53

Or show your ACL and NAT-config.


7 Replies


Hi

Your command helped to identify the ACL.

Thanks

Hi,

I have done packet tracing; in the packet trace the ACL dropped it, but in the syslog (attached) it built a connection?

packet-tracer input outside udp globaloutside 53 global inside 58610

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in OUTSIDE-IP 255.255.255.255 identity

Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 via WANinterface-ip, Outside

Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 4
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: Outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Thanks

What are you trying to simulate with these port numbers?

packet-tracer input outside udp globaloutside 53 global inside 58610

For a real simulation the destination port has to be 53. And which addresses are you using in the trace?

Hi,

I am getting dns amplification attack , that's why the source port is 53 (source is address is a public ip from outside and  destination is my auto nat ip address which is the outside interface ip of the firewall 

Thanks
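As an added example (not code from this thread or from Cisco), the following Python script parses ASA "Built inbound/outbound UDP connection" syslog messages of the shape quoted in the original post, labels the two patterns discussed here (queries from the internet reaching an inside host on UDP/53, and unsolicited source-port-53 "answers" to high ports on the mapped address, i.e. the reflection pattern the poster calls a DNS amplification attack), and rebuilds the packet-tracer command from the accepted answer for each connection so the ACL/NAT decision can be re-checked. The message layout, the sample addresses (RFC 5737 documentation ranges) and the interface names are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample syslog lines (not from the original post), shaped like the
# ASA-6-302015 "Built ... UDP connection" message quoted in the thread.
SAMPLE_LOG = [
    "%ASA-6-302015: Built inbound UDP connection 4711 for Outside:203.0.113.5/57360 "
    "(203.0.113.5/57360) to Inside:10.0.0.5/53 (198.51.100.1/53)",
    "%ASA-6-302015: Built inbound UDP connection 4712 for Outside:203.0.113.9/53 "
    "(203.0.113.9/53) to Inside:10.0.0.5/58610 (198.51.100.1/58610)",
    "%ASA-6-302015: Built outbound UDP connection 4713 for Inside:10.0.0.7/51000 "
    "(198.51.100.1/51000) to Outside:198.51.100.53/53 (198.51.100.53/53)",
    "%ASA-6-302016: Teardown UDP connection 4713 for Inside:10.0.0.7/51000 "
    "to Outside:198.51.100.53/53 duration 0:00:01 bytes 120",
]

# Fields: interface:real_ip/port (mapped_ip/port). "\s*/" tolerates the stray
# space before "/" seen in the redacted line in the thread.
BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>UDP|TCP) connection (?P<conn_id>\d+) "
    r"for (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)\s*/(?P<src_port>\d+) "
    r"\((?P<src_map_ip>[\d.]+)\s*/(?P<src_map_port>\d+)\) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)\s*/(?P<dst_port>\d+) "
    r"\((?P<dst_map_ip>[\d.]+)\s*/(?P<dst_map_port>\d+)\)"
)


@dataclass
class BuiltConn:
    conn_id: int
    direction: str
    proto: str
    src_if: str
    src_ip: str
    src_port: int
    dst_if: str
    dst_ip: str        # real (local) destination as the ASA prints it
    dst_port: int
    dst_map_ip: str    # mapped (global) destination shown in parentheses
    dst_map_port: int


def parse_built(line: str) -> Optional[BuiltConn]:
    """Return the parsed connection, or None for any other message (e.g. Teardown)."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    g = m.groupdict()
    return BuiltConn(
        conn_id=int(g["conn_id"]), direction=g["direction"], proto=g["proto"],
        src_if=g["src_if"], src_ip=g["src_ip"], src_port=int(g["src_port"]),
        dst_if=g["dst_if"], dst_ip=g["dst_ip"], dst_port=int(g["dst_port"]),
        dst_map_ip=g["dst_map_ip"], dst_map_port=int(g["dst_map_port"]),
    )


def flags_for(c: BuiltConn) -> List[str]:
    """Labels for the inbound UDP/53 patterns discussed in the thread."""
    out: List[str] = []
    if c.direction == "inbound" and c.proto == "UDP":
        if c.dst_port == 53:
            # A query from the internet reached an inside host: ACL and NAT allowed it.
            out.append("inbound-dns-query")
        if c.src_port == 53 and c.dst_port >= 1024:
            # Unsolicited DNS answers aimed at high ports on the mapped address:
            # the reflection pattern the poster describes as amplification traffic.
            out.append("dns-reflection-response")
    return out


def packet_tracer_cmd(c: BuiltConn) -> str:
    """Rebuild the packet-tracer command from the accepted answer for this log line.
    Source side uses the real source; destination uses the mapped (global) address
    and port, which is what arrives on the input interface."""
    return (f"packet-tracer input {c.src_if} {c.proto.lower()} "
            f"{c.src_ip} {c.src_port} {c.dst_map_ip} {c.dst_map_port}")


def triage(lines: List[str]) -> List[dict]:
    """Parse every Built message and attach its flags and re-check command."""
    results = []
    for line in lines:
        c = parse_built(line)
        if c is None:
            continue
        results.append({"conn_id": c.conn_id, "flags": flags_for(c),
                        "packet_tracer": packet_tracer_cmd(c)})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r)
```

Run the printed packet-tracer command on the ASA for each flagged connection; if it reports `acl-drop` while the syslog keeps showing `Built` for the same 5-tuple, compare the interface, addresses and ports you typed against the ones in the log line, since a trace with the source and destination ports swapped simulates a different flow than the one the firewall actually allowed.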

bluesea2010 (Level 5)

Hi,

Just to understand: from the NAT config, how can we troubleshoot these kinds of problems?

Thanks 

> Just to understand: from the NAT config, how can we troubleshoot these kinds of problems?

It could just be used to see if there is any configuration that allows this inbound traffic.
