I have the following access list configured on an interface running FWSM 3.1(1):
access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.52 eq ntp
access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.53 eq ntp
From examining my syslog logs, the access list permits hosts (using a high source port, e.g. 44768) from the 10.16.78.0 network to reach 10.214.90.53 on udp 123. OK, so far so good.
However, the access list will deny hosts from reaching 10.214.90.53 if their source port is also udp 123.
My customer's application automatically generates these source ports and they cannot be changed.
Does anyone have an idea why this access-list is behaving in such a manner?