Very informative!
I have check the release notes for releases 4.2
One of the flaw of the previous versions is the "noop" phenomenon
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pixrn420.h
tm#xtocid1236635
I am running version 4.07. Apparently I need a 2MB flash update before
upgrade.
If the cost is prohibitive (>100$ I may have to get rid of the PIX box
Please advise
Pierre-Alex
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 6:20 AM
Subject:
noop
by rhenium with smtp (Exim 3.22 #6)
id 15k1oO-0002iw-00
for [EMAIL PROTECTED]; Thu, 20 Sep 2001 12:16:08 +0100
Message-ID:
From: "Andy Lee"
To: "Pierre-Alex GUANEL"
References:
Subject: Re: PIX / DNS [7:20518]
Date: Thu, 20 Sep 2001 11:53:12 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Pierre
It may be due to DNS guard on the PIX (automatically closes DNS UDP session
once DNS response received rather than wait for associated UDP timers to
expire).
I assume there will still be a small time associated with closing the DNS
UDP session & the PIX blocks any additional replies during this period
FYI DNS guard enabled as default.
Regards
Andy
****************************************************************************
****************
If you require Cisco consultancy skills or assistance with a Cisco
Upgrade/rollout on an ADHOC basis (UK only) please contact me via email & I
shall forward my CV. (No agencies)
I am an instructor who is finding himself with gaps in his teaching schedule
due to thnoop
periods of 1 - 14days.
(I can negotiate longer periods if necessary)
****************************************************************************
****************
----- Original Message -----
From: "Pierre-Alex GUANEL"
To:
Sent: Thursday, September 20, 2001 11:41 AM
Subject: PIX / DNS [7:20518]
> Has anyone seen this before ("due to DNS Response")?
>
> How do I see details on the DNS response that was denied (packet coming on
> the external interface of the firewall I presume)?
>
> 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due
> to DNS Response
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20535&t=20535
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]