UDP Inspection Is Not Configured

UDP Inspection Is Not Configured

A DNS query works on protocol UDP and port number 53. Assume the DNS server for your corporation is located at the Internet service provider (ISP) network, which is on the unprotected side of the CBAC router. If one of your internal hosts on the protected side of the CBAC router tries to reach a website on the protected or unprotected side using a domain name, it will make a DNS query for name resolution to the IP address, before it can make the actual web connection. If you do not inspect UDP on the CBAC router, this name resolution will fail. This will cause the failure of the actual web request.

After going through the preceding troubleshooting steps, if you are still having issues, execute show ip inspect session again. If the session is there and the status that is shown is anything but SIS_OPEN, troubleshoot this further by checking the following:

• Return traffic might not be coming back to the router.

• ICMP traffic is not inspected.

• There is a problem with inspecting Single Channel Protocol.

• The required Multi-Channel Protocol is not inspected.

• IP URL Filtering might be blocking the connection.

• There is a redundancy or asymmetric routing problem.