Hi, I have a 3745 router. I have configured CBAC on one interface, the FE4/1.

Now I have installed IP telephones (192.168.111.10) on the FE0/1 and an IP Office (192.168.30.50) on the FE4/1 but it doesn't work.

I don't understand why I see the return traffic of the telephone by CBAC and not by the access-list.

Can anybody help me?

Extended IP access list 102

permit tcp host 192.168.111.2 eq 445 host 172.16.204.64 eq 2672 (1 match)

permit udp host 192.168.111.10 eq 3000 host 192.168.30.50 eq 1719 (1 match)

permit tcp host 192.168.111.2 eq 139 host 172.16.204.64 eq 2674 (3 matches)

permit tcp host 192.168.111.2 eq 139 host 172.16.204.64 eq 2673 (3 matches)

10 permit tcp host 192.168.111.10 any (2 matches)

20 permit udp host 192.168.111.10 any (18 matches)

150 permit ip host 192.168.111.24 10.1.0.0 0.0.0.255 (104 matches)

160 permit ip host 192.168.111.26 10.1.0.0 0.0.0.255 (27 matches)

170 permit ip host 192.168.111.28 10.1.0.0 0.0.0.255 (27 matches)

This is the entire configuration:

router#sh run

version 12.3

no aaa new-model

ip subnet-zero

!

ip inspect name intranet tcp

ip inspect name intranet udp

ip inspect name intranet h323

ip audit notify log

ip audit po max-events 100

!

interface FastEthernet0/0

ip address 10.120.105.6 255.255.255.248

ip access-group 103 in

!

interface FastEthernet0/1

ip address 192.168.111.30 255.255.255.224

ip access-group 102 in

!

interface FastEthernet4/1

ip address 172.16.215.217 255.255.0.0

ip access-group 101 in

ip inspect intranet in

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.1.250

ip route 10.1.0.0 255.255.255.0 192.168.111.129

ip route 10.105.253.0 255.255.255.0 10.120.105.1

!

access-list 101 permit tcp any host 172.16.215.217 eq telnet

access-list 101 permit ip host 172.16.201.56 192.168.111.0 0.0.0.31

access-list 101 permit ip host 172.16.201.56 10.120.105.0 0.0.0.7

access-list 101 permit ip host 172.16.201.56 10.105.253.0 0.0.0.255

access-list 101 permit icmp host 172.16.201.56 any

access-list 101 permit ip host 172.16.245.37 192.168.111.0 0.0.0.31

access-list 101 permit ip host 172.16.245.37 10.120.105.0 0.0.0.7

access-list 101 permit ip host 172.16.245.37 10.105.253.0 0.0.0.255

access-list 101 permit icmp host 172.16.245.37 any

access-list 101 permit ip host 192.168.215.49 192.168.111.0 0.0.0.31

access-list 101 permit ip host 192.168.215.49 10.120.105.0 0.0.0.7

access-list 101 permit ip host 192.168.215.49 10.105.253.0 0.0.0.255

access-list 101 permit icmp host 192.168.215.49 any

access-list 101 permit ip host 172.16.20.190 host 192.168.111.2

access-list 101 permit ip host 172.16.204.64 host 192.168.111.2

access-list 101 permit ip host 192.168.30.50 any

access-list 102 permit tcp host 192.168.111.10 any

access-list 102 permit udp host 192.168.111.10 any

access-list 102 permit ip host 192.168.111.1 10.105.253.0 0.0.0.255

access-list 102 permit ip host 192.168.111.2 10.105.253.0 0.0.0.255

access-list 102 permit ip host 192.168.111.3 10.105.253.0 0.0.0.255

access-list 102 permit ip host 192.168.111.4 10.105.253.0 0.0.0.255

access-list 102 permit ip host 192.168.111.5 10.105.253.0 0.0.0.255

access-list 102 permit ip host 192.168.111.6 10.105.253.0 0.0.0.255

access-list 102 permit icmp host 192.168.111.1 any

access-list 102 permit icmp host 192.168.111.2 any

access-list 102 permit icmp host 192.168.111.3 any

access-list 102 permit icmp host 192.168.111.4 any

access-list 102 permit icmp host 192.168.111.5 any

access-list 102 permit icmp host 192.168.111.6 any

access-list 102 permit ip host 192.168.111.24 10.1.0.0 0.0.0.255

access-list 102 permit ip host 192.168.111.26 10.1.0.0 0.0.0.255

access-list 102 permit ip host 192.168.111.28 10.1.0.0 0.0.0.255

end