Solved

Capture ACL for Cisco PIX 6.3

Posted on 2009-05-06
4
743 Views
Last Modified: 2013-11-05
I'm trying to setup a capture on the inside interface of my PIX that grabs all traffic coming/leaving an IP adress except for DNS traffic. Can someone help me with this? This is what I currently have (which isn't working; DNS is still coming through)

access-list capture_southfld-server deny udp any any eq domain
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
0
Comment
Question by:meade470
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 24321099
try this instead:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny tcp any any eq 53
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24325290
You also need to deny DNS as the source which to deny the return traffic:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny udp any eq 53 any
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
0
 
LVL 2

Author Comment

by:meade470
ID: 24329990
Thanks. This made sense to me but it didn't work. I'm still seeing DNS in the captures. We have a simple environment: switch --> router --> PIX --> internet. Not sure why this isn't working...
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24332332
Yeah, that should work but since it's not, the easiest thing to do is when you open the capture in Ethereal or Wireshark, you can use the display filter to exclude the DNS traffic.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question