rules for udp in firewall

suthomas1
Level 6

Hello,

Do we need bidirectional rules to allow UDP traffic to pass through an ASA firewall? In a case where voice-related UDP ports need to be opened up, and this access is for external to internal, does it need two-way UDP rules?

Thanks in advance!

1 Accepted Solution

Jennifer Halim
Cisco Employee

If the call signalling goes through the firewall as well, whether it is Skinny or SIP, and you have enabled the corresponding inspection, i.e. inspect skinny or inspect sip, it will automatically open the pinhole for the RTP (voice stream), therefore there is no requirement to open the UDP ports on the access-list. If, however, you disable the inspection, you would need to manually allow the RTP stream, and hence yes, you would need to open it on both interfaces because calls can be made either way.

Hope that helps.
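
The two cases from the accepted answer written out as ASA configuration; this is an added example, not part of the original thread. The interface names, ACL names, the endpoint address 192.0.2.10 (documentation range, no NAT assumed) and the RTP range 16384-32767 are assumptions to replace with your own values.

```cisco
! Constructed example. Assumed: interfaces "outside" and "inside",
! ACLs OUTSIDE_IN / INSIDE_IN, voice endpoint 192.0.2.10 (no NAT),
! RTP range 16384-32767 (substitute the range your endpoints use).

! --- Case 1: signalling crosses the ASA and inspection is enabled ---
policy-map global_policy
 class inspection_default
  inspect sip
  inspect skinny
service-policy global_policy global

! Only the signalling is permitted statically (assumed here: SIP on
! UDP/5060). The ASA reads the media ports negotiated in the signalling
! and opens an RTP pinhole per call, so no RTP entry is needed.
access-list OUTSIDE_IN extended permit udp any host 192.0.2.10 eq 5060
access-group OUTSIDE_IN in interface outside

! --- Case 2: inspection disabled, RTP permitted by hand ---
policy-map global_policy
 class inspection_default
  no inspect sip
  no inspect skinny

! RTP has to be allowed on both interfaces because either side can
! start a call. These entries stay open whether or not a call is
! active, so restrict source and destination as far as possible.
access-list OUTSIDE_IN extended permit udp any host 192.0.2.10 range 16384 32767
! Needed only when an ACL is already applied inbound on "inside"; add
! the line to that ACL rather than applying a new one-entry ACL.
access-list INSIDE_IN extended permit udp host 192.0.2.10 any range 16384 32767
```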
