11-21-2011 06:29 PM - edited 03-16-2019 08:10 AM
I keep getting a strange alert from CUCM 8.5.1(SU3) about an illegal UDP packet. The source address is from the H323 gateways and is in the RTP range?
Been looking around and cannot find any reference to it. Happens about once a week. Any ideas?
At Tue Nov 22 13:14:33 EST 2011 on node 10.11.2.253, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Critical
MatchedEvent : Nov 22 13:14:04 callmanager-pub local4 2 : 150: callmanager-pub: Nov 22 2011 13:14:04.784 +1100: %CSA-2-EVENT_SHIELD_DENY: %[PID=12653][component=CiscoSecurityAgent] : A packet with a bad transport layer header was detected. Reason: Illegal UDP Port. UDP: 10.12.4.254/27216->10.11.2.253/0. The operation was denied. [rule 819] AppID : Cisco Syslog Agent ClusterID :
NodeID : callmanager-pub
TimeStamp : Tue Nov 22 13:14:04 EST 2011
TIA
Pieter
Solved! Go to Solution.
11-24-2011 08:28 AM
Hi,
This looks like a bug.
If you access the bug toolkit it tells you which 8.5.1 upgrade will fix it.
HTH
Alex
Please rate useful posts
11-24-2011 08:28 AM
Hi,
This looks like a bug.
If you access the bug toolkit it tells you which 8.5.1 upgrade will fix it.
HTH
Alex
Please rate useful posts
11-24-2011 02:21 PM
Hi Alex,
Thanks for the response. 50 views and 1 response :-)
I agree, its a bug but I doubt its the abovementioned one.
Thanks for the response.
Pieter
01-25-2012 06:12 PM
We are encountering the same issue. I've been looking for any docs but can't find any. Anyone who has encountered this and how to troubleshoot?
01-26-2012 10:37 PM
Hi,
No, my customer reported that it just “stopped”. You can disable the CSA if it continues. My concern was PSTN toll fraud, but there are ways of preventing this, which is what I did to put my mind at ease.
Sorry couldn’t help.
Regards
Pieter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide