Hi guys,
This is my call flow:
Jabber(VPN) -> Int FW -> TRP / CUCM -> Office IP phones
I have arranged for a Firewall traces and see these pass and drop logs:
Pass Logs:
[fw_4] eth1-01:i[64]: 10.159.197.38 -> 10.92.254.15 (TCP) len=64 id=44168
TCP: 49616 -> 8443 .S.... seq=ec1c1c18 ack=00000000
[fw_6] eth1-01:i[64]: 10.159.197.38 -> 10.92.254.15 (TCP) len=64 id=60258
TCP: 49617 -> 6970 .S.... seq=50fd0fe7 ack=00000000
Drop Logs:
;[cpu_0];[fw_0];fw_log_drop: Packet proto=6 10.171.253.78:58802 -> 10.159.197.38:49587 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 100;
;[cpu_0];[fw_0];fw_log_drop: Packet proto=6 10.171.253.78:58802 -> 10.159.197.38:49587 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 100;
It seems to be that CUCM is sending packets in high port range which I thought CUCM only send in 16384-32767 range ? Does anyone has the similar experience that CUCM is sending higher range port numbers than 32767?
Any advice will be much much appreciated.
Thanks,
Tony