Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
258
Views
0
Helpful
3
Replies

Passing DNS traffics

boots
Level 1
Level 1

‎11-12-2002 01:16 PM - edited ‎03-09-2019 01:02 AM

Hi All,

I'm new to the PIX firewalls.

Currently I have a VPN connection via PIX firewalls between my company and XYZ company. We only have SSH traffic for file transfer between these two sites. I need to forwad all the DNS requests to company XYZ via the PIX firewalls. I have to create a rule to allow TCP port 53 from my internal DNS to their DNS servers...Coorect?

Q: Is there any else I need to do on the PIX?

Thank you for your help...

Labels:
0 Helpful
3 Replies 3

s-doyle
Level 3
Level 3

‎11-18-2002 01:27 PM

DNS uses UDP port 53 and not TCP port 53.

0 Helpful

bhaase
Level 1
Level 1
In response to s-doyle

‎11-18-2002 02:28 PM

Thats incorrect. DNS uses both TCP and UDP. DNS zone transfers(server to server transfers)use TCP 53, due to the large amount of data being exchanged a reliable protocol is needed. But for regular DNS lookups UDP 53 is used.

0 Helpful

gfullage
Cisco Employee
Cisco Employee

‎11-18-2002 04:47 PM

Regardless of what port it uses (it does use both TCP and UDP), if you have a LAN-to-LAN tunnel built, and you also have the "sysopt connection permit-ipsec" command in your PIX configuration, then you don't need to build specific access-lists for all the different types of traffic that'll go over the tunnel. As long as the DNS traffic falls within the "interesting" traffic defined by the crypto ACL, then the traffic will flow from site to site.

0 Helpful
Customers Also Viewed These Support Documents