FWSM access list issue

itrequest
Level 1

I have the following access list configured on an interface running FWSM 3.1(1):

access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.52 eq ntp

access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.53 eq ntp

From examining my syslog logs, the access list permits hosts (using a high source port, e.g. 44768) from the 10.16.78.0 network to reach 10.214.90.53 on udp 123. OK, so far so good.

However, the access list will deny hosts from reaching 10.214.90.53 if their source port is also udp 123.

My customer's application automatically generates these source ports and they cannot be changed.

Does anyone have an idea why this access-list is behaving in such a manner?

Many Thanks

1 Reply

Not applicable

You can try to block the port number instead of the ntp service directly from the access list. Sometimes the application uses more than one port number to run.
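As an added example (not code from either post in this thread), the Python checker below parses extended ACEs of the shape used in the question, pulls the flow out of FWSM 106023 (deny) and 106100 (per-ACE logging) syslog messages, and reports every logged flow whose verdict disagrees with what the ACL text says should happen. The syslog lines are constructed for the example, and the service-name table is an assumption covering only a few names. What it demonstrates for both the question and the reply: an ACE with no source-port operator matches a source port of 123 exactly as it matches 44768, and rewriting `eq ntp` as `eq 123` yields an identical rule (ntp is simply the alias for UDP 123), so a deny logged for the 123-to-123 flow must come from something other than these two lines (a different ACE, or addresses or direction in the real log line that differ from what is assumed) and is worth pinning down in the log before the rule is changed.

```python
"""Check FWSM/ASA extended ACEs against the flows that syslog reports.

Added example, not part of the original thread. Handles the ACE subset used in
the question: extended permit/deny, udp/tcp, host/any/network+mask addresses,
optional eq/neq/gt/lt port operator on source and destination.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: a small subset of the service names FWSM accepts instead of a number.
SERVICE_PORTS = {"ntp": 123, "domain": 53, "snmp": 161, "syslog": 514, "www": 80}


@dataclass
class PortMatch:
    op: str    # eq | neq | gt | lt
    port: int

    def matches(self, p: int) -> bool:
        return {"eq": p == self.port, "neq": p != self.port,
                "gt": p > self.port, "lt": p < self.port}[self.op]


@dataclass
class Ace:
    acl: str
    action: str
    proto: str
    src: ipaddress.IPv4Network
    sport: Optional[PortMatch]   # None means any source port
    dst: ipaddress.IPv4Network
    dport: Optional[PortMatch]   # None means any destination port


@dataclass
class Flow:
    proto: str
    sip: str
    sport: int
    dip: str
    dport: int
    observed: str   # verdict the firewall logged: permit or deny


def _port(tok: str) -> int:
    return int(tok) if tok.isdigit() else SERVICE_PORTS[tok]


def _addr(t: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    # "network mask" form; strict=False tolerates host bits in the address
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False), i + 2


def _portmatch(t: List[str], i: int) -> Tuple[Optional[PortMatch], int]:
    if i < len(t) and t[i] in ("eq", "neq", "gt", "lt"):
        return PortMatch(t[i], _port(t[i + 1])), i + 2
    return None, i   # no operator present: any port


def parse_ace(line: str) -> Ace:
    t = line.split()
    if t[0] != "access-list" or t[2] != "extended":
        raise ValueError(f"unsupported ACE: {line}")
    src, i = _addr(t, 5)
    sport, i = _portmatch(t, i)       # source-port operator sits between src and dst
    dst, i = _addr(t, i)
    dport, i = _portmatch(t, i)
    return Ace(t[1], t[3], t[4], src, sport, dst, dport)


# Message shapes of %FWSM-4-106023 (deny) and %FWSM-6-106100 (per-ACE logging)
DENY_RE = re.compile(
    r"106023: Deny (?P<proto>\w+) src \S+?:(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst \S+?:(?P<dip>[\d.]+)/(?P<dport>\d+)")
LOG_RE = re.compile(
    r"106100: access-list \S+ (?P<act>permitted|denied) (?P<proto>\w+) "
    r"\S+?/(?P<sip>[\d.]+)\((?P<sport>\d+)\) -> \S+?/(?P<dip>[\d.]+)\((?P<dport>\d+)\)")


def parse_flow(line: str) -> Optional[Flow]:
    m = DENY_RE.search(line)
    if m:
        return Flow(m["proto"], m["sip"], int(m["sport"]), m["dip"], int(m["dport"]), "deny")
    m = LOG_RE.search(line)
    if m:
        act = "permit" if m["act"] == "permitted" else "deny"
        return Flow(m["proto"], m["sip"], int(m["sport"]), m["dip"], int(m["dport"]), act)
    return None   # not an ACL verdict message


def evaluate(acl: List[Ace], f: Flow) -> str:
    """First-match evaluation with the implicit deny at the end, as on FWSM/ASA."""
    sip, dip = ipaddress.ip_address(f.sip), ipaddress.ip_address(f.dip)
    for a in acl:
        if a.proto != f.proto or sip not in a.src or dip not in a.dst:
            continue
        if a.sport and not a.sport.matches(f.sport):
            continue
        if a.dport and not a.dport.matches(f.dport):
            continue
        return a.action
    return "deny"


def audit(acl_lines: List[str], log_lines: List[str]) -> List[Tuple[Flow, str]]:
    """Return (flow, expected_verdict) for logged flows whose verdict disagrees with the ACL text."""
    acl = [parse_ace(l) for l in acl_lines]
    out = []
    for line in log_lines:
        f = parse_flow(line)
        if f and evaluate(acl, f) != f.observed:
            out.append((f, evaluate(acl, f)))
    return out


ACL = [   # the two ACEs from the question
    "access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.52 eq ntp",
    "access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.53 eq ntp",
]
# Variant that really does key on the source port (has an operator before the destination).
SRC_RESTRICTED = "access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 eq ntp host 10.214.90.53 eq ntp"
# Constructed log lines in the 106100/106023 shapes; not taken from the poster's syslog.
LOGS = [
    "%FWSM-6-106100: access-list vlan123_xxx permitted udp inside/10.16.78.10(44768) -> outside/10.214.90.53(123) hit-cnt 1 first hit [0x0, 0x0]",
    '%FWSM-4-106023: Deny udp src inside:10.16.78.10/123 dst outside:10.214.90.53/123 by access-group "vlan123_xxx"',
    '%FWSM-4-106023: Deny udp src inside:10.16.78.10/123 dst outside:10.214.90.99/123 by access-group "vlan123_xxx"',
]

if __name__ == "__main__":
    for flow, expected in audit(ACL, LOGS):
        print(f"logged {flow.observed}, ACL text says {expected}: {flow}")
    numeric = [l.replace("eq ntp", "eq 123") for l in ACL]
    print("eq 123 gives the same verdicts:", audit(numeric, LOGS) == audit(ACL, LOGS))
    print("source-port-restricted ACE on the 44768 flow:",
          evaluate([parse_ace(SRC_RESTRICTED)], parse_flow(LOGS[0])))
```

Run it against the real syslog export by replacing the LOGS list with the exported lines; only the 123-to-123 deny shows up as a mismatch, the deny to 10.214.90.99 is exactly what the ACL predicts, and swapping `eq ntp` for `eq 123` changes nothing, which is the check to make before editing the access list.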
