I have the IOS firewall enabled on a C891F router (IP inspect). It's all working, however I have hit an issue with a specific destination IPv4 address that bypasses the inspection and doesn't create the state for the returning packets.
I have masked the first three octets for my source and destination in the sample output below, however the behaviour is the same for any destination address that ends 'x.x.x.255'.
My source IPv4 address is 220.127.116.11 and the destination is 18.104.22.168. The 22.214.171.124 is from a /30 block we are using to do some testing, so it is split into 4 x /32 host addresses (126.96.36.199/32, 188.8.131.52/32, 184.108.40.206/32 & 220.127.116.11/32) that are announced within our AS. The other addresses don't cause the issue, so it's obviously due to the .255.
The C891F is running IOS 15.6(1)T3 and I can't go beyond this as all later releases contain a bug with SIP RTP that has never been fixed. With every new IOS release, I test it, see the bug when making a SIP call, and then revert back to 15.6(1)T3 as the issue doesn't occur with this release (there is a traceback and a disruption to the RTP stream every 30 seconds).
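As an added example (not part of the original post or of Cisco's code), the following Python script audits a block that is being carved into /32 host routes and flags any address that coincides with the network or broadcast address of an octet-aligned enclosing prefix (/8, /16, /24). An address ending in .255 is the broadcast address of its /24, which is the shape the post says is being skipped by inspection; treating that as the cause is an assumption here, not a confirmed diagnosis. The block 203.0.113.252/30 is a constructed placeholder, not the poster's real addresses.

```python
import ipaddress

# Constructed sample block (assumption, not the poster's real addresses):
# a /30 announced as four /32 host routes, the last of which ends in .255.
SAMPLE_BLOCK = "203.0.113.252/30"

# Octet-aligned (classful-looking) prefix lengths whose boundary addresses
# end in .0 / .255 on some octet.
OCTET_ALIGNED_PREFIXES = (8, 16, 24)


def host_routes(block):
    """Return the /32 host routes covering a block, in address order."""
    net = ipaddress.ip_network(block, strict=True)
    return [ipaddress.ip_network(f"{addr}/32") for addr in net]


def boundary_roles(addr):
    """List the octet-aligned prefixes for which addr is the network or
    broadcast address.

    x.x.x.255 is the broadcast address of its /24 and x.x.x.0 its network
    address. A stateful inspection engine that keys on that shape rather
    than on the routed prefix (an assumption about the observed behaviour)
    would treat such hosts differently, so they are worth flagging before
    being carved out of a block as /32s.
    """
    addr = ipaddress.ip_address(addr)
    roles = []
    for plen in OCTET_ALIGNED_PREFIXES:
        enclosing = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if addr == enclosing.network_address:
            roles.append(f"network address of /{plen}")
        if addr == enclosing.broadcast_address:
            roles.append(f"broadcast address of /{plen}")
    return roles


def audit_block(block):
    """Map each /32 host in the block to the boundary roles it would play."""
    return {
        str(route.network_address): boundary_roles(str(route.network_address))
        for route in host_routes(block)
    }


if __name__ == "__main__":
    for host, roles in audit_block(SAMPLE_BLOCK).items():
        status = "; ".join(roles) if roles else "plain host"
        print(f"{host:<16} {status}")
```

Run it against your own block before announcing the /32s; any host reported as a broadcast or network address of a /24 is a candidate to test first against the inspection path, and a good one to keep out of the test pool if the firmware cannot be changed.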
Already tried that and get the same results, Giuseppe. I suspect it's a bug as it's quite old IOS. I'll update the IOS to the latest and test it again when I get a chance. It's not a huge inconvenience now that I know what the issue is.
I've been working from home and my IPv4 address is dynamic, so rebooting and getting a new IPv4 address assigned to the router means I need to update a few ACLs on various devices. Not a big deal, but something I need to schedule in.