10-27-2015 04:46 AM - edited 03-11-2019 11:47 PM
Hi All,
Apologies, as this has been mentioned numerous times before, but can anyone point me to a specific resolution for this issue we have?
Our web proxies are connecting to OpenDNS on UDP 53 and our firewalls are configured to let this traffic through.
Our log servers are getting filled with the following (names and key IPs changed):
2015-10-27 11:29:22 Local6.Warning "Ip Address" Oct 27 2015 11:29:33 "Firewall": %ASA-4-313500: No matching connection for ICMP error message: icmp src: "interface" 1.1.1.1 dst outside:208.67.220.220 (type 3, code 3) on "interface" interface. original IP payload: udp src 208.67.220.220/53 dst 1.1.1.1/43222
Same for the alternate OpenDNS IP 208.67.222.222.
These are about 95% of the log errors I have on the path.
We have inspect icmp error enabled, and I have added a rule to permit ICMP unreachables, but this does not stop this error logging.
Any advice will be priceless.
Thanks in advance
Adrian