Solved

Capture ACL for Cisco PIX 6.3

Posted on 2009-05-06
740 Views
Last Modified: 2013-11-05
I'm trying to set up a capture on the inside interface of my PIX that grabs all traffic coming/leaving an IP address except for DNS traffic. Can someone help me with this? This is what I currently have (which isn't working; DNS is still coming through):

access-list capture_southfld-server deny udp any any eq domain
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
Question by:meade470
4 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 24321099
Try this instead:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny tcp any any eq 53
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside

 
LVL 43

Expert Comment

by:JFrederick29
ID: 24325290
You also need to deny DNS as the source, to deny the return traffic:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny udp any eq 53 any
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
 
LVL 2

Author Comment

by:meade470
ID: 24329990
Thanks. This made sense to me but it didn't work. I'm still seeing DNS in the captures. We have a simple environment: switch --> router --> PIX --> internet. Not sure why this isn't working...
 
LVL 43

Accepted Solution

by:JFrederick29 (earned 500 total points)
ID: 24332332
Yeah, that should work but since it's not, the easiest thing to do is when you open the capture in Ethereal or Wireshark, you can use the display filter to exclude the DNS traffic.
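The replies above rely on first-match ACL evaluation: a deny on destination port 53 alone drops only the DNS query, while the reply (source port 53, destination the capture host) still hits the "permit ip any host" line. The following is an added example, not code from the thread or from Cisco, that models that matching logic for the ACE syntax used here and runs the asker's ACL and JFrederick29's ACL over constructed packets; the resolver and web-server addresses are made up (RFC 5737 ranges), and it models only the ACL match, not the PIX capture engine itself.

```python
# Added example, not from the thread: first-match evaluator for the
# PIX 6.3 ACE subset quoted above, run over constructed sample packets.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

def parse_ace(line):
    # access-list NAME {permit|deny} PROTO SRC [eq PORT] DST [eq PORT];
    # SRC/DST is "any" or "host A.B.C.D", PORT is numeric or "domain" (53).
    toks = line.split()
    action, proto, rest = toks[2], toks[3], toks[4:]
    wants = [None if proto == "ip" else proto]   # None = wildcard
    for _ in ("src", "dst"):
        wants.append(None if rest[0] == "any" else rest[1])
        rest = rest[1:] if rest[0] == "any" else rest[2:]
        if rest and rest[0] == "eq":
            wants.append(53 if rest[1] == "domain" else int(rest[1]))
            rest = rest[2:]
        else:
            wants.append(None)
    return action, wants   # [proto, src, sport, dst, dport]

def acl_permits(acl, pkt):
    """First matching ACE decides; an unmatched packet hits the implicit deny."""
    for line in acl:
        action, wants = parse_ace(line)
        if all(w is None or w == got for w, got in zip(wants, pkt)):
            return action == "permit"
    return False

ORIGINAL = [  # asker's ACL: only DNS queries (dst port 53) are excluded
    "access-list capture_southfld-server deny udp any any eq domain",
    "access-list capture_southfld-server permit ip host 192.168.17.51 any",
    "access-list capture_southfld-server permit ip any host 192.168.17.51",
]
FIXED = [  # JFrederick29's ACL: DNS replies (src port 53) are excluded too
    "access-list capture_southfld-server deny udp any any eq 53",
    "access-list capture_southfld-server deny udp any eq 53 any",
    "access-list capture_southfld-server permit ip host 192.168.17.51 any",
    "access-list capture_southfld-server permit ip any host 192.168.17.51",
]
HOST, RESOLVER, WEB = "192.168.17.51", "192.0.2.53", "198.51.100.80"  # last two constructed
SAMPLES = {  # constructed packets
    "dns_query": Packet("udp", HOST, 40000, RESOLVER, 53),
    "dns_reply": Packet("udp", RESOLVER, 53, HOST, 40000),
    "web":       Packet("tcp", HOST, 40001, WEB, 80),
}

def captured(acl):
    # Names of the sample packets the capture ACL would keep.
    return [name for name, pkt in SAMPLES.items() if acl_permits(acl, pkt)]
```

If the capture still contains DNS after the fix, the Wireshark display filter `!(udp.port == 53)` (or simply `!dns`) hides it on the viewing side, as the accepted answer suggests.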