Unable to block UDP broadcasts on Cisco VPN 3000

Unanswered Question
Jan 23rd, 2009


We are running Cisco VPN 3030 on version 4.7.2.J. For some reason we see a lot of UDP datagrams to the internal broadcast address on ports 137 and 138. This seems to be the NetBIOS name and datagram service. We do not have any WINS servers and we want to block these broadcasts from flooding the local subnet (where no servers are available). We have defined a filter that drops all traffic to the internal broadcast address and applied it to the group where the users come in, but the packets are still passing into the internal network.

Does anyone have any clues to how to solve this issue?

Best regards,


ggilbert Sat, 01/24/2009 - 07:13


Can you please let me know what rule or rules you have created for this filter?

Also, is there something else on this filter that is already applied to the group?

If so, can you please make sure that the drop filter that you created is at the top of the list.



net-harry Mon, 01/26/2009 - 00:48

Hi Gilbert,

Please find below the rule and the network list used:


Rule Name: Block_Local_Traffic

Direction: Inbound

Action: Drop and Log

Protocol: Any

TCP Connection: Don't Care

Source Address

Network List: Use IP Address/Wildcard-mask below

IP Address:


Destination Address

Network List: Local_Block_List

TCP/UDP Source Port

Port: Range 0-65535

TCP/UDP Destination Port

Port: Range 0-65535

ICMP Packet Type: 0-255


We have also duplicated this rule with another having direction Outbound and added that to the group filter, but that did not prevent the broadcasts from getting through either.

Network List: Local_Block_List

The local internal network is The local broadcast address is thus The three other IP addresses are for the next hop internal routers (including HSRP address).

The filter is at the top of the list.

Thanks for your help!

Best regards,


ggilbert Mon, 01/26/2009 - 05:07


Let me test this scenario in the lab and get back with you.
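An offline check of which destination addresses a list like Local_Block_List covers, added here as an example; it is not from the thread or from Cisco. It assumes wildcard-mask matching where 1 bits are ignored, and the 192.0.2.x addresses are constructed stand-ins because the real ones do not appear in the post. The thread does not say which destination address the leaked datagrams carry, so the sample packets include both the subnet broadcast and 255.255.255.255.

```python
import ipaddress


def covered(dst, base, wildcard):
    """True if dst matches base under a wildcard mask (1 bits are ignored)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(dst)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


# Constructed stand-in for Local_Block_List: the subnet broadcast address plus
# three next-hop router addresses, each entered as a host (wildcard 0.0.0.0).
LOCAL_BLOCK_LIST = [
    ("192.0.2.255", "0.0.0.0"),
    ("192.0.2.1", "0.0.0.0"),
    ("192.0.2.2", "0.0.0.0"),
    ("192.0.2.3", "0.0.0.0"),
]


def rule_action(dst, proto, dport, network_list=LOCAL_BLOCK_LIST):
    """Model of the posted rule: any protocol, any port, destination in list."""
    if any(covered(dst, base, wc) for base, wc in network_list):
        return "drop"
    return "no-match"  # packet falls through to later rules or the default


# Constructed packets: (destination, protocol, destination port)
SAMPLES = [
    ("192.0.2.255", "udp", 137),      # subnet (directed) broadcast, NetBIOS name
    ("192.0.2.255", "udp", 138),      # subnet (directed) broadcast, NetBIOS datagram
    ("255.255.255.255", "udp", 137),  # limited broadcast
    ("192.0.2.1", "tcp", 443),        # listed router address
    ("192.0.2.50", "udp", 137),       # ordinary host, not in the list
]


def report(samples=SAMPLES):
    """Return each sample packet with the action the modelled rule takes."""
    return [(d, p, port, rule_action(d, p, port)) for d, p, port in samples]


if __name__ == "__main__":
    for row in report():
        print("%-16s %s/%-5d %s" % row)
```

Comparing this output with the destination addresses seen in a capture of the UDP 137/138 traffic shows whether the list, as entered, names every address those datagrams are sent to.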



