https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745352#M530701 <P>Hi, </P><P></P><P>I'm trying to configure an extended access list on one AS5350XM but I get one way hearing on a voice calls and I can't determine why (please see the attached diagram). There is an OSPF running on both gigabit interfaces and the Loopback address is also advertised (it is actually the voip IP address). The access list is applied on both interfaces in the inbound direction. There is another gateway with IP:4.4.4.4 (no firewalls here) and the routing between gateways is working properly. </P><P></P><P>Here is part of the access list (applied on AS5350): </P><P>.</P><P>.</P><P>permit ip host 4.4.4.4 host 3.3.3.3</P><P>.</P><P>.</P><P></P><P>When I review the log of the AS5350xm I see many errors like this one:</P><P>%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -&gt; 4.4.4.4(18094), 1 packet</P><P></P><P>So how it is possible to see this error since the access list is in inbound direction and the IP address (4.4.4.4) is open. I don't have problems when I do telnet or ssh from 3.3.3.3 to 4.4.4.4.</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:25:32 GMT mitkin2891 2019-03-11T21:25:32Z https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745352#M530701 <P>Hi, </P><P></P><P>I'm trying to configure an extended access list on one AS5350XM but I get one way hearing on a voice calls and I can't determine why (please see the attached diagram). There is an OSPF running on both gigabit interfaces and the Loopback address is also advertised (it is actually the voip IP address). The access list is applied on both interfaces in the inbound direction. There is another gateway with IP:4.4.4.4 (no firewalls here) and the routing between gateways is working properly. </P><P></P><P>Here is part of the access list (applied on AS5350): </P><P>.</P><P>.</P><P>permit ip host 4.4.4.4 host 3.3.3.3</P><P>.</P><P>.</P><P></P><P>When I review the log of the AS5350xm I see many errors like this one:</P><P>%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -&gt; 4.4.4.4(18094), 1 packet</P><P></P><P>So how it is possible to see this error since the access list is in inbound direction and the IP address (4.4.4.4) is open. I don't have problems when I do telnet or ssh from 3.3.3.3 to 4.4.4.4.</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:25:32 GMT https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745352#M530701 mitkin2891 2019-03-11T21:25:32Z https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745353#M530702 <HTML><HEAD></HEAD><BODY><P>Hey,</P><P></P><P>Have you tried disabling inspections for voice if any, also have a look at this link :-</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/customer/tech/tk652/tk698/technologies_tech_note09186a008009484b.shtml">http://www.cisco.com/en/US/customer/tech/tk652/tk698/technologies_tech_note09186a008009484b.shtml</A></P><P></P><P>Regards,</P><P>Sian</P></BODY></HTML> Mon, 19 Sep 2011 04:20:59 GMT https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745353#M530702 Parminder Sian 2011-09-19T04:20:59Z https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745354#M530703 <HTML><HEAD></HEAD><BODY><P>Hey Sian, </P><P></P><P>Thank you for your reply. Everything works ok regarding the voice part. The one way voice issue only appears when I apply the access list in the inbound direction on both interfaces. I see the problem but I don't understand why it happens. </P><P></P><P>%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -&gt; 4.4.4.4(18094), 1 packet</P><P></P><P>The loopback interface is with IP 3.3.3.3 and it is not normal to see an inbound packet coming to the router with this source IP (if it is not spoofed of course) expecially going to the 4.4.4.4 which is obviously in the other direction. It looks like that I applied the ACL into the out direction but I didn't. </P><P></P><P>Any other ideas?</P><P></P><P>Thanks </P></BODY></HTML> Mon, 19 Sep 2011 21:20:30 GMT https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745354#M530703 mitkin2891 2011-09-19T21:20:30Z https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745355#M530704 <HTML><HEAD></HEAD><BODY><P>Any other ideas? I will appreciate any help on this matter.</P><P></P><P>Thank you.</P></BODY></HTML> Thu, 22 Sep 2011 14:05:39 GMT https://community.cisco.com/t5/network-security/problem-when-setting-firewall-on-as5350xm/m-p/1745355#M530704 mitkin2891 2011-09-22T14:05:39Z