
UDP port allow

yogesh1
Level 1

Dear All,

 

I have a VoIP PABX connected to my Cisco firewall on interface GigabitEthernet0/1.71 and the LAN on GigabitEthernet0/1.101.

So now I need to allow IPs 197.84.140.140 and 196.28.95.12 with UDP port 5060 and UDP ports 16384 - 32767, and the rest of the IP traffic should be blocked, for the VoIP interface only.

Please suggest the commands for this.

 

Firewall Model ASA5525  

Version Device Manager Version 7.8(2)

Interface details

Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         197.XX.XX.XX   YES CONFIG up                    up
GigabitEthernet0/1         unassigned      YES unset  up                    up
GigabitEthernet0/1.71      172.XX.XX.XX  YES CONFIG up                    up
GigabitEthernet0/1.101     10.XX.XX.XX     YES CONFIG up                    up
GigabitEthernet0/2         unassigned      YES unset  down                  down

5 Replies 5

balaji.bandi
Hall of Fame

This is a good example guide to start with:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82446-enable-voip-config.html

 

Based on the ASA version, some syntax changes, but the concept is the same.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dear Balaji,

 

I am just checking the post but am unable to understand it. Can you please suggest the commands to enable multiple UDP ports for a particular IP by ACL?

Can you post your full configuration so that we can make a suggestion?

BB


Dear Balaji,

 

I am just discussing this with my team. As the PABX is connected to firewall interface fa0/3, can we make one bidirectional policy (in to out, out to in), call that policy in a zone, and after that put the PABX interface in that zone?

 

Also, can you please let me know whether the PABX allows the ACL feature?

 

Please find the scenario below; I need to make a source and destination policy.

 

Subnet 172.18.x.x is the internal VoIP subnet.

Traffic which I need to allow for the destination IPs (outside network IPs):

197.84.140.140                 UDP Port 5060   UDP Port 16384 - 32767

196.28.95.12                     UDP Port 5060   UDP Port 16384 - 32767

 

I need to make a policy which allows traffic between 197.84.140.140, 196.28.95.12 and 172.18.x.x including UDP port 5060 and UDP ports 16384 - 32767, or I can allow all to all ports for these subnets and call the PABX-connected interface into this policy.

 

This is my requirement; can you please suggest on this?

 

We asked for the full configuration, but you have not provided it for us to review.

Based on the information you have provided, we believe the rest is all in place and you are looking only for the ACL.

 

The example below will help you; tweak it as per your requirement.

 

 

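! UDP service group: SIP signalling (5060) plus the RTP media range
object-group service PBX_Ports udp
 port-object range 16384 32767
 port-object eq 5060

! Internal VoIP subnet (fill in the real subnet and mask)
object network inside_network
 subnet 172.18.x.x 255.255.x.x

! A network object holds a single host, so the two peers go in an object-group
object-group network outside_network
 network-object host 197.84.140.140
 network-object host 196.28.95.12

! Peers -> PABX and PABX -> peers, UDP only, destination ports limited to PBX_Ports
access-list outside_access_in extended permit udp object-group outside_network object inside_network object-group PBX_Ports
access-list inside_access_out extended permit udp object inside_network object-group outside_network object-group PBX_Ports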

Apply the access-list to the respective interface.

BB
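
One way to bind and verify the two ACLs named in the reply above, as an added example that is not part of the original thread. The interface names `voip` and `outside` are assumed nameif values, `<PABX_IP>` is a placeholder for the PABX address in 172.18.x.x, and 203.0.113.10 is a constructed address standing in for any peer that is not on the allow list.

```cisco
! Added example. "voip" and "outside" are assumed nameif values, not from the thread.
! An interface takes only one ACL per direction, so see what is bound first.
show running-config access-group

configure terminal
! PABX -> SIP peers: filter traffic entering the firewall on the VoIP interface.
! The implicit deny at the end of the ACL drops everything else from this interface.
access-group inside_access_out in interface voip
! SIP peers -> PABX: filter traffic entering on the outside interface.
! If outside already has an inbound ACL, add the permit line to that ACL instead;
! binding outside_access_in would replace it and deny all other inbound traffic.
access-group outside_access_in in interface outside
end

! Expected ALLOW: listed peer, SIP signalling port
packet-tracer input voip udp <PABX_IP> 5060 197.84.140.140 5060
! Expected ALLOW: listed peer, first port of the media range
packet-tracer input voip udp <PABX_IP> 16384 196.28.95.12 16384
! Expected DROP: peer not on the allow list (constructed address)
packet-tracer input voip udp <PABX_IP> 5060 203.0.113.10 5060
! Expected DROP: listed peer, destination port outside PBX_Ports
packet-tracer input voip udp <PABX_IP> 5060 197.84.140.140 53
! Expected ALLOW: return direction. If the PABX is translated by NAT,
! use its mapped address as the destination here.
packet-tracer input outside udp 197.84.140.140 5060 <PABX_IP> 5060

! Hit counters confirm that live calls match the permit entries.
show access-list inside_access_out
show access-list outside_access_in
```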
