DNS on PIX

Posted on 2004-11-11
Last Modified: 2013-11-16
Hi, I have just configured DNS servers on my local LAN 192.168.1.x behind a PIX.

If I use the servers locally there is no problem, but when I tried to do it from outside I receive timeouts from nslookup.

I did a NAT rule from outside to inside addresses, and also an ACL to allow domain on UDP and TCP:

static (inside,outside) netmask 0 0

access-list 100 permit udp host any eq domain
access-list 100 permit tcp host any eq domain  

Can someone tell me how I can check whether there is a problem with my DNS configuration (reverse address) or firewall stuff?

Question by:Alejandro_Lopez
    LVL 79

    Accepted Solution

    Assuming that is actually a public IP address, your acl is backwards:

       >access-list 100 permit udp host any eq domain

    Should be:
        access-list 100 permit udp any host <ip address> eq domain

    Then re-apply the acl:
       access-group 100 in interface outside
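
The reversed source/destination described in this answer can be caught mechanically before an ACL is applied. The following is an added example, not part of the original answer: a small Python check over PIX-style `access-list` lines, where the function names, the sample lines and the address 203.0.113.10 are constructed for illustration.

```python
def _addr(t, i):
    """Consume 'any', 'host A' or 'A MASK'; return (spec, next index)."""
    if t[i] == "any":
        return ("any", None), i + 1
    if t[i] == "host":
        return ("host", t[i + 1]), i + 2
    return ("net", f"{t[i]} {t[i + 1]}"), i + 2

def _port(t, i):
    """Consume an optional 'eq|gt|lt|neq PORT' clause."""
    if i < len(t) and t[i] in ("eq", "gt", "lt", "neq"):
        return f"{t[i]} {t[i + 1]}", i + 2
    return None, i

def parse_acl(line):
    """Parse 'access-list ID permit|deny tcp|udp SRC [port] DST [port]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny") \
            or t[3] not in ("tcp", "udp"):
        return None
    try:
        src, i = _addr(t, 4)
        sport, i = _port(t, i)
        dst, i = _addr(t, i)
        dport, i = _port(t, i)
    except IndexError:  # truncated entry
        return None
    return dict(id=t[1], action=t[2], proto=t[3],
                src=src, sport=sport, dst=dst, dport=dport)

def find_reversed(lines, published):
    """Flag permits whose source is a published server and whose destination is any."""
    out = []
    for n, line in enumerate(lines, 1):
        e = parse_acl(line)
        if e and e["action"] == "permit" and e["dst"][0] == "any" \
                and e["src"][0] == "host" and e["src"][1] in published:
            fix = f"access-list {e['id']} permit {e['proto']} any host {e['src'][1]}"
            out.append((n, fix + (f" {e['dport']}" if e["dport"] else "")))
    return out

# Constructed sample; 203.0.113.10 is a documentation address, not from the thread.
SAMPLE = ["access-list 100 permit udp host 203.0.113.10 any eq domain",
          "access-list 100 permit tcp host 203.0.113.10 any eq domain",
          "access-list 100 permit tcp any host 203.0.113.10 eq smtp"]

if __name__ == "__main__":
    for n, fix in find_reversed(SAMPLE, {"203.0.113.10"}):
        print(f"line {n}: source/destination reversed, expected: {fix}")
```

Pass the set of statically translated outside addresses as `published`; each finding carries the line number and the entry with source and destination in the order an inbound ACL on the outside interface needs.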

    Author Comment


    Thanks, I was doing the inverse thing. I still have some kind of trouble, but now I can access the DNS server, so it's reverse IP stuff.

