Hi Jon,

I was getting this error continuously in the FWSM logs:

Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566

As per Cisco doc, http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/system/message/fsmemsgs.html

%FWSM-3-106010 --> "This is a connection-related message. This message is logged if an inbound connection is denied by your security policy"

There is a specific permit line in the ACL that allows traffic to 228.10.10.10 from 10.1.151.0, and I saw hits as well on those lines. I cleared the xlate for source and destination, and removed and re-applied the ACL lines, with no luck until I lowered the security level.

But the fact is that there are many other VLANs working in a similar fashion in this FWSM; only this couple of interfaces had issues.

The traffic is multicast, but does that make a difference when connectivity is working one-way?

Thanks
Kris
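A triage sketch for the log output in the post above, added here as an example and not part of the original post: it parses %FWSM-3-106010 lines in the format quoted there, collapses repeats into per-flow counts, and marks whether the destination falls in the multicast range. The function name and the last sample line are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First four lines are the ones quoted in the post; the last line is a
# constructed unicast deny added only for contrast.
SAMPLE_LOG = """\
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566
Dec 23 2009 12:41:19: %FWSM-3-106010: Deny inbound tcp src er-dmz-int:10.1.151.9/40000 dst er-db-zone:10.1.152.20/1521
"""

# Matches the "Deny inbound <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port>"
# layout shown in the post.
DENY_RE = re.compile(
    r"%FWSM-3-106010: Deny inbound (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)


def summarize_denies(text):
    """Group 106010 denies by flow (ignoring the ephemeral source port)
    and flag flows whose destination is a multicast group address."""
    counts = Counter()
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a 106010 deny in the expected layout
        counts[(m["proto"], m["src_if"], m["src_ip"],
                m["dst_if"], m["dst_ip"], int(m["dst_port"]))] += 1

    rows = []
    for (proto, src_if, src_ip, dst_if, dst_ip, dst_port), n in counts.most_common():
        rows.append({
            "proto": proto, "src_if": src_if, "src_ip": src_ip,
            "dst_if": dst_if, "dst_ip": dst_ip, "dst_port": dst_port,
            # 224.0.0.0/4 destinations are multicast groups, not hosts
            "multicast": ipaddress.ip_address(dst_ip).is_multicast,
            "count": n,
        })
    return rows


if __name__ == "__main__":
    for row in summarize_denies(SAMPLE_LOG):
        print(row)
```
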