Showing results for 
Search instead for 
Did you mean: 


Service-engine x/y/z may need to be included in a zone for voice traffic to pass

I ran into an interesting issue today and thought it'd be nice to share since we didn't have much luck finding an answer on The Google.  Here's the gist of the issue.  We have ZBFW features enabled on a 4331.  We have only two zones; INSIDE and INTERNET.  This router also has a combo FXS/FXO module.  Well, a user complained that a machine attached to the FXS port wasn't working.  An analog phone was attached and a test call revealed that there was one-way audio (the caller could hear us but we couldn't hear the caller - audio from the attached phone, via the FXS port, wasn't working).  Upon further testing, we learned that the FXO port was having a one-way audio issue, too.  In a nutshell, if the traffic was received over analog and then converted into IP traffic and transmitted on an INSIDE interface it was dumped.  It turns out that there's a simple fix for this issue.

interface Service-EngineX/Y/Z
 zone-member security YOUR_ZONE_NAME_HERE


I had this issue and we

I had this issue and we solved it (partially) the way you did, however, we have more than two zones and we use a ip policy route-map assigned to the interfaces to get the traffic where it needs to go.  However, apparently it's not possible to assign an ip policy route-map to a service-engine so we still have a problem with one-way audio in one of our zones.  If you've ever resolved this issue with 3 or 4 zones in play, I'd appreciate any tips on how you solved it.  I've had a ticket open with Cisco for awhile and so far they're just telling us to make some changes our company doesn't normally allow for various for the moment, we're stumped on how to solve this.