Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Fixup protocol

Reply
Thread Tools

Fixup protocol

 
 
franklin.28@gmail.com
Guest
Posts: n/a
 
      08-03-2006
Hi all,

Can some explain the correct usage of no fixup protocol dns command..
will this anyway bring about utilisation of PIX

Frank

 
Reply With Quote
 
 
 
 
www.BradReese.Com
Guest
Posts: n/a
 
      08-03-2006
Hi Frank,

You may wish to investigate Cisco's DNS Fixup:

http://www.cisco.com/en/US/products/....html#wp110415

Hope this helps.

Brad Reese
http://www.BradReese.Com
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
BradReese.Com - Cisco Power Supply Headquarters
http://www.bradreese.com/cisco-power...-inventory.htm

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      08-03-2006
In article <(E-Mail Removed) .com>,
http://www.velocityreviews.com/forums/(E-Mail Removed) <(E-Mail Removed)> wrote:

>Can some explain the correct usage of no fixup protocol dns command..


If you use the alias command, then there are -two- effects, one
having to do with changing the destination IP on -outgoing- packets,
and the other having to do with rewriting DNS responses. One might
want the IP destination rewriting without wanting the DNS rewriting;
if so then you would turn off the DNS fixup.

If you are using PIX 6.2 or PIX 6.3, then using the 'alias' command
is not encouraged, and the 'dns' keyword for the 'static' command
is recommended instead. If you are not using 'alias' and you did not
want DNS fixups to occur, you would normally just leave out the
'dns' keyword on the 'static'. It appears to me, though, that there is
no equivilent to the 'dns' keyword for nat/global commands, so
you might still need to disable the dns fixup for that case.

If you are using PIX 6.3, then the dns fixup also checks the length
of DNS responses, to prevent buffer overflows. When you use
'no fixup protocol dns' then the length checks are not done, which
might be important for you (especially if you want your users to be
able to stream music or videos by using DNS requests to bypass
restrictions on http accesses.)


>will this anyway bring about utilisation of PIX


Sorry, I do not understand that question ?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
fixup protocol for http B Squared Cisco 4 07-19-2005 07:01 AM
PIX MailGuard "fixup protocol smtp" and Exchange Server? David K Cisco 2 01-09-2004 02:26 PM
PIX 6.3(3) Fixup protocol dns and tftp... Masud Reza Cisco 1 01-03-2004 11:18 PM
fixup protocol esp-ike Michael Cisco 1 11-29-2003 04:16 AM
fixup smtp question Michael Cisco 1 11-28-2003 05:42 AM



Advertisments