FWSM access list issue

Apr 24th, 2007
I have the following access list configured on an interface running FWSM 3.1(1):

access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.52 eq ntp
access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.53 eq ntp


From examining my syslog logs, the access list permits hosts (using a high source port, e.g. 44768) from the 10.16.78.0 network to reach 10.214.90.53 on UDP 123. OK, so far so good.

However, the access list will deny hosts from reaching 10.214.90.53 if their source port is also UDP 123.


My customer's application automatically generates these source ports and they cannot be changed.


Does anyone have an idea why this access-list is behaving in such a manner?


Many Thanks

Anonymous (not verified) Thu, 05/03/2007 - 05:57
You can try to block the port number instead of the ntp service directly from the access list. Sometimes the application uses more than one port number to run.
