06-26-2013 06:01 AM
Have 2 rules to allow all traffic to 2 specific IP addresses.
Below that, a rule to block all SIP traffic.
When I enable the Block SIP rule, it blocks the 2 specific IP addresses (SIP) also.
Thought the rules applied in top-down order?
06-28-2013 08:41 AM
Dear Jeff,
Thank you for reaching the Small Business Support Community.
The order in which access rules are displayed in the access rules table indicates the order in which the rules are applied, so yes, the rules must be applied top down as long as the status shows "active". Please double check the "allow" access rule, and if that is not the problem please attach a screenshot of the access rules table.
Something else to look at is whether there are any logs about the access rules, so please enable "log" on both access rules and copy the log output so we can check it. Notice that enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only, so turn it off after you capture some logs.
What firmware release version are you running, so that I can look for bugs?
I'll be looking forward to hearing from you.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the post so others will know when an answer has been found.
06-28-2013 01:58 PM
Jeffrey,
Firmware is 1.2.0.9
Jeff
01-19-2016 02:05 AM
Same problem with the latest firmware.
06-28-2013 02:09 PM
Jeffrey,
The rules:
Action | Service | Status | Connection Type | Source IP | Destination IP | Schedule
Always allow | All Traffic | Enabled | Inbound (WAN > LAN) | SIP Trunk IP#1 | SIP Server | Always
Always allow | All Traffic | Enabled | Inbound (WAN > LAN) | SIP Trunk IP#2 | SIP Server | Always
Always block | Voice(SIP) | Enabled | Inbound (WAN > LAN) | Any | SIP Server | Always
Once Rule 3 is enabled, all SIP traffic, including IP#1 and IP#2, is blocked. The server does not get the requests and the log shows DENY for the IP addresses.
Jeff
06-29-2013 11:37 PM
Hello Jeff,
My name is Chris from the Cisco Small Business Support Center.
From what I am seeing it looks like the rules you have should create the desired effect.
What if you tried it the other way around?
Since all traffic from WAN to LAN is blocked by default anyway, try using just an inbound rule to allow the SIP traffic.
So you would have a rule for each SIP Trunk IP that looks like this:
Always allow - Voice(SIP) - Enabled - Inbound (WAN>LAN) - SIP Trunk IP#1/2 - SIP Server - Always
and then the implicit deny all WAN>LAN inbound traffic would just take care of the rest.
Give that a try and let me know how it goes.
Christopher Ebert
---
Network Support Engineer - Cisco Small Business Support Center
07-01-2013 12:55 PM
Chris,
Thanks for the help, but having no rule is how the SIP traffic was hacked. We have other outside IPs into this router without a rule to allow them, so I'm not sure block is the default.
Jeff
07-11-2013 10:51 AM
We have an RV215W that does the same thing. I have enabled the logs and it does NOT log the allow, only the deny. I have double checked to make sure the logging on the allow rule is selected. It seems to have something to do with the way the rules are applied, like maybe all deny rules are processed first, then the allows.
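To make the two theories in this thread concrete (Chris's point that explicit allows plus the implicit WAN>LAN deny are enough, and the later guess that deny rules might be processed before allows), here is an added Python model of access-rule evaluation. It is not code from the thread or from Cisco, and it does not reproduce the router's firmware logic; it simply evaluates Jeff's three-rule table and Chris's two-rule table under two hypothetical policies: first matching rule wins top-down, and all block rules checked before any allow rule. The IP addresses are constructed documentation-range values, and the service names ("sip", "http", "any") are placeholders for the router's service objects.

```python
"""Model of first-match vs. deny-first access-rule evaluation (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses from the documentation ranges, not the thread's real ones.
SIP_TRUNK_1 = "203.0.113.10"
SIP_TRUNK_2 = "203.0.113.20"
SIP_SERVER = "192.168.1.50"
STRANGER = "198.51.100.7"   # an arbitrary outside host that should never reach SIP


@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "block"
    service: str      # "any" (All Traffic) or a named service such as "sip"
    src: str          # source host/network, or "any"
    dst: str          # destination host/network, or "any"
    enabled: bool = True

    def matches(self, service: str, src_ip: str, dst_ip: str) -> bool:
        """True when this (enabled) rule covers the given service, source and destination."""
        if not self.enabled:
            return False
        if self.service != "any" and self.service != service:
            return False
        if self.src != "any" and ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        return True


def first_match(rules, service, src_ip, dst_ip, default="block"):
    """Top-down evaluation: the first matching rule decides; unmatched inbound traffic
    falls through to the implicit WAN>LAN deny."""
    for rule in rules:
        if rule.matches(service, src_ip, dst_ip):
            return rule.action
    return default


def deny_first(rules, service, src_ip, dst_ip, default="block"):
    """Hypothetical policy raised in the thread: every block rule is evaluated
    before any allow rule, regardless of table position."""
    reordered = [r for r in rules if r.action == "block"] + \
                [r for r in rules if r.action == "allow"]
    return first_match(reordered, service, src_ip, dst_ip, default)


# Jeff's table: two "All Traffic" allows for the trunk IPs, then a block of all SIP.
JEFF_RULES = [
    Rule("allow", "any", SIP_TRUNK_1, SIP_SERVER),
    Rule("allow", "any", SIP_TRUNK_2, SIP_SERVER),
    Rule("block", "sip", "any", SIP_SERVER),
]

# Chris's suggestion: allow only SIP from the trunk IPs and let the implicit deny handle the rest.
CHRIS_RULES = [
    Rule("allow", "sip", SIP_TRUNK_1, SIP_SERVER),
    Rule("allow", "sip", SIP_TRUNK_2, SIP_SERVER),
]


def compare(rules):
    """Verdicts (first-match, deny-first) for a few representative inbound packets."""
    packets = {
        "trunk1 sip": ("sip", SIP_TRUNK_1, SIP_SERVER),
        "stranger sip": ("sip", STRANGER, SIP_SERVER),
        "trunk1 http": ("http", SIP_TRUNK_1, SIP_SERVER),
    }
    return {name: (first_match(rules, *pkt), deny_first(rules, *pkt))
            for name, pkt in packets.items()}


if __name__ == "__main__":
    for label, rules in (("Jeff's rules", JEFF_RULES), ("Chris's rules", CHRIS_RULES)):
        print(label)
        for name, (fm, df) in compare(rules).items():
            print(f"  {name:13s} first-match={fm:5s} deny-first={df}")
```

Under the first-match model Jeff's table behaves as he expected (trunk SIP allowed, other SIP denied); only the deny-first model reproduces the symptom he and the RV215W poster report, where the trunk IPs are denied and the allow rule never gets a chance to log. Chris's narrower table gives the same verdict under both models, which is why it is the more robust configuration whatever the firmware actually does: it also closes the "All Traffic" allow that Jeff's version leaves open to the trunk IPs.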