Solved

Capture ACL for Cisco PIX 6.3

Posted on 2009-05-06
736 Views
Last Modified: 2013-11-05
I'm trying to set up a capture on the inside interface of my PIX that grabs all traffic coming/leaving an IP address except for DNS traffic. Can someone help me with this? This is what I currently have (which isn't working; DNS is still coming through):

access-list capture_southfld-server deny udp any any eq domain
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
Question by: meade470

4 Comments
Expert Comment by: ricks_v (ID: 24321099)
try this instead:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny tcp any any eq 53
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside

Expert Comment by: JFrederick29 (ID: 24325290)
You also need to deny DNS as the source port in order to deny the return traffic:

access-list capture_southfld-server deny udp any any eq 53
access-list capture_southfld-server deny udp any eq 53 any
access-list capture_southfld-server permit ip host 192.168.17.51 any
access-list capture_southfld-server permit ip any host 192.168.17.51
capture capture_southfld-server access-list capture_southfld-server interface inside
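As an added illustration (not code from the thread), a small first-match evaluator for the capture ACL, run over constructed packets: it shows why the poster's original list still captures DNS replies and why the extra deny line on source port 53 suppresses them. Addresses other than 192.168.17.51 and the port numbers are made up.

```python
# Constructed example (not from the thread): the PIX walks a capture ACL
# top-down, the first matching entry decides, unmatched packets are implicitly denied.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    proto: str  # "udp", "tcp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str                     # host address or "any"
    dst: str
    sport: Optional[int] = None  # "eq" on source port; None = any port
    dport: Optional[int] = None  # "eq" on destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def captured(acl: List[Ace], p: Packet) -> bool:
    for ace in acl:          # first matching ACE decides
        if ace.matches(p):
            return ace.action == "permit"
    return False             # implicit deny: not captured

HOST = "192.168.17.51"
# Poster's ACL: only DNS queries (destination port 53) are excluded.
ACL_ORIGINAL = [Ace("deny", "udp", "any", "any", dport=53),
                Ace("permit", "ip", HOST, "any"),
                Ace("permit", "ip", "any", HOST)]
# JFrederick29's ACL: replies whose *source* port is 53 are excluded too.
ACL_FIXED = [Ace("deny", "udp", "any", "any", dport=53),
             Ace("deny", "udp", "any", "any", sport=53),
             Ace("permit", "ip", HOST, "any"),
             Ace("permit", "ip", "any", HOST)]
# Constructed sample packets as the inside interface would see them.
DNS_QUERY = Packet("udp", HOST, "10.0.0.2", sport=40000, dport=53)
DNS_REPLY = Packet("udp", "10.0.0.2", HOST, sport=53, dport=40000)
WEB = Packet("tcp", HOST, "10.0.0.3", sport=40001, dport=80)
OTHER_HOST = Packet("tcp", "192.168.17.99", "10.0.0.3", sport=40002, dport=80)
```

With the original list the reply from port 53 falls through to the `permit ip any host 192.168.17.51` entry and is captured; the second deny stops it before that entry is reached.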
Author Comment by: meade470 (ID: 24329990)
Thanks. This made sense to me but it didn't work. I'm still seeing DNS in the captures. We have a simple environment: switch --> router --> PIX --> internet. Not sure why this isn't working...
Accepted Solution by: JFrederick29 (earned 500 total points; ID: 24332332)
Yeah, that should work but since it's not, the easiest thing to do is when you open the capture in Ethereal or Wireshark, you can use the display filter to exclude the DNS traffic.