Hi All,
I have a problem resolving DNS when my LAN is connected through a CSS 11501. Here is the layout:
Firewall -> CSS (for load balancing between web servers) -> Cisco 2950 LAN switch -> Servers
Firewall -> CSS is connected through VLAN 2
CSS -> LAN Switch is connected through VLAN 1
LAN Switch -> Servers are connected through VLAN 1
Here is the CSS ACL:

!**************************** ACL ****************************
acl 1
  clause 10 permit any any destination any
  apply circuit-(VLAN1)

acl 2
  clause 10 permit tcp any destination 10.0.2.80 eq 80
  clause 20 permit tcp any destination 10.0.2.83 eq 80
  clause 30 permit any any destination 224.0.0.18
  clause 40 permit tcp any destination 10.0.0.0 255.255.255.0 eq 1433
  clause 50 permit tcp any destination 10.0.0.0 255.255.255.0 eq 1414
  clause 60 permit tcp any eq 389 destination 10.0.0.0 255.255.255.0
  clause 70 permit tcp any eq 709 destination 10.0.0.0 255.255.255.0
  clause 80 permit icmp any destination any
  clause 90 permit tcp any destination 10.0.0.0 255.255.255.0 eq 1415
  clause 100 permit tcp any destination 10.0.0.0 255.255.255.0 eq 25
  clause 110 permit tcp any destination 10.0.0.0 255.255.255.0 eq 110
  clause 120 permit tcp any destination 10.0.0.0 255.255.255.0 eq 53
  clause 130 permit tcp any destination 10.0.2.85 eq 80
  clause 140 permit udp 132.246.168.148 255.255.255.255 eq 123 destination 10.0.0.0 255.255.255.0
  clause 150 permit udp 10.0.0.9 255.255.255.255 destination 132.246.168.148 255.255.255.255 eq 123
  clause 160 permit udp 132.132.132.132 255.255.255.255 eq 123 destination 10.0.0.0 255.255.255.0
  apply circuit-(VLAN2)

So when I try to go to google.com from a server I get the following from the CSS:
CSS2# sh log sys.log
JUL 6 10:39:23 5/1 632 ACL-7: NO ACL rule match! Discarding packet
JUL 6 10:39:23 5/1 633 ACL-7: UDP SrcPort: 53 DestPort: 3273
JUL 6 10:39:23 5/1 634 ACL-7: Source: 10.0.2.1
JUL 6 10:39:23 5/1 635 ACL-7: Dest: 10.0.0.9
My internal DNS is set to forward to 10.0.2.1, which is the internal firewall. The firewall is then set to forward to the ISP DNS. From the firewall I can resolve DNS. All other network connections are fine... I can browse the web by IP with no problems.
I added the following clause to acl 2 for VLAN 2:

  clause 15 permit any any destination any
That opens everything, but still no DNS resolving....
If I remove the CSS I can resolve DNS...
Does anyone have any idea?
Cheers
Hannibal
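To see how the logged packet fares against the posted acl 2, here is an added Python model that is not part of the original post and not CSS code: it transcribes the clauses and evaluates the discarded reply under assumed first-match semantics. The names `net`, `_ok`, `first_match`, `ACL2` and `LOGGED` are mine, and the CSS's own matching rules may differ from this simplification.

```python
import ipaddress

ANY = "any"  # unrestricted protocol, network or port

def net(s):
    return ipaddress.ip_network(s)

# acl 2 from the post (applied to VLAN2), transcribed as
# (proto, src_net, src_port, dst_net, dst_port) tuples.
ACL2 = [
    ("tcp", ANY, ANY, net("10.0.2.80/32"), 80),
    ("tcp", ANY, ANY, net("10.0.2.83/32"), 80),
    (ANY, ANY, ANY, net("224.0.0.18/32"), ANY),
    ("tcp", ANY, ANY, net("10.0.0.0/24"), 1433),
    ("tcp", ANY, ANY, net("10.0.0.0/24"), 1414),
    ("tcp", ANY, 389, net("10.0.0.0/24"), ANY),
    ("tcp", ANY, 709, net("10.0.0.0/24"), ANY),
    ("icmp", ANY, ANY, ANY, ANY),
    ("tcp", ANY, ANY, net("10.0.0.0/24"), 1415),
    ("tcp", ANY, ANY, net("10.0.0.0/24"), 25),
    ("tcp", ANY, ANY, net("10.0.0.0/24"), 110),
    ("tcp", ANY, ANY, net("10.0.0.0/24"), 53),
    ("tcp", ANY, ANY, net("10.0.2.85/32"), 80),
    ("udp", net("132.246.168.148/32"), 123, net("10.0.0.0/24"), ANY),
    ("udp", net("10.0.0.9/32"), ANY, net("132.246.168.148/32"), 123),
    ("udp", net("132.132.132.132/32"), 123, net("10.0.0.0/24"), ANY),
]

def _ok(rule, value):
    """True if a clause field (ANY, a network, or a literal) covers value."""
    if rule == ANY:
        return True
    if isinstance(rule, ipaddress.IPv4Network):
        return ipaddress.ip_address(value) in rule
    return rule == value

def first_match(acl, proto, src, sport, dst, dport):
    """Position (1-based) of the first clause that permits the packet, or None
    when nothing matches and the CSS discards it (assumed first-match semantics)."""
    for i, (p, sn, sp, dn, dp) in enumerate(acl, 1):
        if _ok(p, proto) and _ok(sn, src) and _ok(sp, sport) \
                and _ok(dn, dst) and _ok(dp, dport):
            return i
    return None

# The packet from the posted sys.log: UDP 10.0.2.1:53 -> 10.0.0.9:3273,
# i.e. the DNS reply returning from the firewall to the internal DNS server.
LOGGED = ("udp", "10.0.2.1", 53, "10.0.0.9", 3273)
```

With acl 2 as posted, `first_match(ACL2, *LOGGED)` returns None: the only UDP clauses are the three NTP ones, and clause 120 covers DNS over TCP only, so a UDP reply from source port 53 has nothing to match. The same evaluator can be used to check a candidate clause before applying it to the circuit.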