UDP port 0 block by PIX 515 ver 7

Unanswered Question
Aug 3rd, 2007

Hi,

I have a problem with a udp packet with source port 0.

It is a snmptrap packet:

Source port 0 and Destination pot 162

The pix 515 version 7 always blocks this packet with source port 0.

It is not an access-list who block it. The packet is block and the pix produce no log at all for this block.

Does anyone had experience this problem ?

And what is the solution ?

Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sbilgi Thu, 08/09/2007 - 10:14

Dropping packets with UDP port 0 is normal behaviour because firewall products treat this as a security violation, and drop the packet. You may try to configure the traffic to use some other port or you may permit the UDP port 0 by applying an access-list.

rigoberto.cintr... Thu, 08/16/2007 - 13:24

Something like that happen to me in the past with OS 6.X with a Solaris box. When users try to established an Exceed session the PIX block the traffic. The X Windows use ports 0 and 1 for the displays. I had to call the TAC and it took 2 days to figure it out. The command that fix the problem was the established.

established command?This command allows return connections from a lower security host to a higher security host if there is already an established connection from the higher level host to the lower level host.

For same security interfaces, you can configure established commands for both directions.

This was the command I used:

established tcp 0 6000 permitto tcp 6000 permitfrom tcp 1024-65535

Still I don't know if it will resolve your issue because your traffic it's UDP.

Good Luck

HTH

rigoberto.cintr... Fri, 08/17/2007 - 06:06

I check and the established command supports udp. You can try this,

established udp 0 162 permitto udp snmptrap permitfrom udp 1024-65535

The caveat by using this command if I remember

right is that it will open those ports for any.

Actions

This Discussion