cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1415
Views
0
Helpful
3
Replies

Problem when setting firewall on AS5350XM

mitkin2891
Level 1
Level 1

Hi,

I'm trying to configure an extended access list on one AS5350XM but I get one way hearing on a voice calls and I can't determine why (please see the attached diagram). There is an OSPF running on both gigabit interfaces and the Loopback address is also advertised (it is actually the voip IP address). The access list is applied on both interfaces in the inbound direction. There is another gateway with IP:4.4.4.4 (no firewalls here) and the routing between gateways is working properly.

Here is part of the access list (applied on AS5350):

.

.

permit ip host 4.4.4.4 host 3.3.3.3

.

.

When I review the log of the AS5350xm I see many errors like this one:

%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -> 4.4.4.4(18094), 1 packet

So how it is possible to see this error since the access list is in inbound direction and the IP address (4.4.4.4) is open. I don't have problems when I do telnet or ssh from 3.3.3.3 to 4.4.4.4.

Thanks

3 Replies 3

Parminder Sian
Level 1
Level 1

Hey,

Have you tried disabling inspections for voice if any, also have a look at this link :-

http://www.cisco.com/en/US/customer/tech/tk652/tk698/technologies_tech_note09186a008009484b.shtml

Regards,

Sian

Hey Sian,

Thank you for your reply. Everything works ok regarding the voice part. The one way voice issue only appears when I apply the access list in the inbound direction on both interfaces. I see the problem but I don't understand why it happens.

%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -> 4.4.4.4(18094), 1 packet

The loopback interface is with IP 3.3.3.3 and it is not normal to see an inbound packet coming to the router with this source IP (if it is not spoofed of course) expecially going to the 4.4.4.4 which is obviously in the other direction. It looks like that I applied the ACL into the out direction but I didn't.

Any other ideas?

Thanks

mitkin2891
Level 1
Level 1

Any other ideas? I will appreciate any help on this matter.

Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: