FWSM access list issue

Unanswered Question
Apr 24th, 2007
I have the following access list configured on an interface running FWSM 3.1(1):

access-list vlan123_xxx extended permit udp host eq ntp

access-list vlan123_xxx extended permit udp host eq ntp

From examining my syslog logs, the access list permits hosts (using a high source port e.g. 44768) from the network to reach on udp 123. Ok, so far so good.

However, the access list will deny hosts from reaching if their source port is also udp 123.

My customer's application automatically generates these source ports and they cannot be changed.

Does anyone have an idea why this access-list is behaving in such a manner?

Many Thanks

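The two ACEs quoted above have their addresses stripped, so it is hard to see from the post which port the `eq ntp` clause is actually testing. The following is an added example (not from the post or from Cisco) of a small evaluator for FWSM/ASA-style extended ACEs. It encodes the one syntax rule worth checking first in a case like this: an `eq` operator applies to the endpoint that immediately precedes it, so `host A eq ntp host B` tests the source port while `host A host B eq ntp` tests the destination port. The addresses, the ACL name reuse and the port table are constructed for the example; it supports only `host`/`any` endpoints and the `eq` operator, with first-match and implicit deny.

```python
"""Tiny evaluator for FWSM/ASA-style extended ACEs (added example, not the post's code).

Assumptions: only 'host A' and 'any' endpoints, only the 'eq' operator,
first-match evaluation with an implicit deny, and a small name->port table.
The addresses below are constructed RFC 5737 documentation addresses.
"""
from dataclasses import dataclass
from typing import List, Optional

PORT_NAMES = {"ntp": 123, "domain": 53, "syslog": 514}


@dataclass
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Ace:
    action: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME extended ACTION PROTO SRC [eq P] DST [eq P]'.

    An 'eq' clause binds to the endpoint just before it, so its position
    decides whether the source or the destination port is tested.
    """
    toks = line.split()
    if toks[0] != "access-list" or toks[2] != "extended":
        raise ValueError(f"unsupported ACE syntax: {line}")
    action, proto = toks[3], toks[4]
    pos = 5

    def endpoint():
        nonlocal pos
        if toks[pos] == "host":
            addr, pos = toks[pos + 1], pos + 2
        elif toks[pos] == "any":
            addr, pos = "any", pos + 1
        else:
            raise ValueError(f"unsupported endpoint at: {' '.join(toks[pos:])}")
        port = None
        if pos < len(toks) and toks[pos] == "eq":
            port, pos = parse_port(toks[pos + 1]), pos + 2
        return addr, port

    src, sport = endpoint()
    dst, dport = endpoint()
    return Ace(action, proto, src, sport, dst, dport)


def ace_matches(ace: Ace, flow: Flow) -> bool:
    """True when every field the ACE constrains agrees with the flow."""
    if ace.proto not in ("ip", flow.proto):
        return False
    if ace.src != "any" and ace.src != flow.src:
        return False
    if ace.dst != "any" and ace.dst != flow.dst:
        return False
    if ace.sport is not None and ace.sport != flow.sport:
        return False
    if ace.dport is not None and ace.dport != flow.dport:
        return False
    return True


def evaluate(aces: List[Ace], flow: Flow) -> str:
    """First matching ACE wins; no match means the implicit deny at the end."""
    for ace in aces:
        if ace_matches(ace, flow):
            return ace.action
    return "deny"


# Constructed ACEs with the same hosts: 'eq ntp' after the destination vs after the source.
DST_PORT_ACL = [parse_ace(
    "access-list vlan123_xxx extended permit udp host 192.0.2.10 host 198.51.100.5 eq ntp")]
SRC_PORT_ACL = [parse_ace(
    "access-list vlan123_xxx extended permit udp host 192.0.2.10 eq ntp host 198.51.100.5")]

# The two flows described in the question: a high source port, and source port 123.
HIGH_SPORT = Flow("udp", "192.0.2.10", 44768, "198.51.100.5", 123)
NTP_SPORT = Flow("udp", "192.0.2.10", 123, "198.51.100.5", 123)


if __name__ == "__main__":
    for name, acl in (("eq after destination", DST_PORT_ACL), ("eq after source", SRC_PORT_ACL)):
        print(f"{name:22s} sport 44768 -> {evaluate(acl, HIGH_SPORT)}, "
              f"sport 123 -> {evaluate(acl, NTP_SPORT)}")
```

Running it shows that the destination-port form permits both flows, while the source-port form permits only the flow whose source port is 123. That is the opposite of the symptom in the question, which is exactly why the check is useful: if the real ACE, with its addresses restored, evaluates the way the syntax rule predicts, the deny seen in syslog is coming from something other than the ACE text itself and the search should move on from the access list.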
Anonymous (not verified) Thu, 05/03/2007 - 05:57
You can try to block the port number instead of the ntp service directly from the access list. Sometimes the application uses more than one port number to run.
