Solved

Capture ACL for Cisco PIX 6.3

Posted on 2009-05-06
4
734 Views
Last Modified: 2013-11-05
I'm trying to setup a capture on the inside interface of my PIX that grabs all traffic coming/leaving an IP adress except for DNS traffic. Can someone help me with this? This is what I currently have (which isn't working; DNS is still coming through)

access-list capture_southfld-server deny udp any any eq domain
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
0
Comment
Question by:meade470
  • 2
4 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 24321099
try this instead:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny tcp any any eq 53
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24325290
You also need to deny DNS as the source which to deny the return traffic:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny udp any eq 53 any
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
0
 
LVL 2

Author Comment

by:meade470
ID: 24329990
Thanks. This made sense to me but it didn't work. I'm still seeing DNS in the captures. We have a simple environment: switch --> router --> PIX --> internet. Not sure why this isn't working...
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24332332
Yeah, that should work but since it's not, the easiest thing to do is when you open the capture in Ethereal or Wireshark, you can use the display filter to exclude the DNS traffic.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5520 problem with Failover in Active/Standby 8 68
Routing question between wifi / firewall and switch 11 81
Cisco ASA 5506 4 53
Ping configured interface on Sonicwall 16 48
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question