ISSUE :: traffic from inside_LAN to Outside_Internet

Jun 3rd, 2009


A voice application and another trade application running on port 10200 don't seem to work behind the firewall.


The firewall is used for hosting a web server & site-to-site VPN (natting public IP with private).

We have two access-lists:

ACL_Outside (natting traffic)

ACL_NONAT (not to NAT VPN traffic)

Any traffic from users goes to the core, then to the firewall. I do not have an inside access-list, so the above two programs should work.

Any clue?

Kureli Sankar Fri, 06/05/2009 - 06:44

Most voice traffic initiates a connection via a different port that needs to be opened on the outside interface facing the internet. This doesn't look like anything standard that we would have inspection for, which would automatically open pinholes for connections initiated from the outside.

So, check the logs

conf t

logging enable

logging buffered 7


sh logg | i x.x.x.x

where x.x.x.x is the IP address that these voice calls go to on the outside.

That may give some clue as to whether the ACL applied on the outside is dropping these due to lack of permission.
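As an added example (not part of the original thread): a Python sketch that does the same log check on saved "sh logg" output, listing which flows to or from the remote address were denied and by which ACL. It assumes a Cisco ASA/PIX emitting syslog message 106023 for ACL drops; the log lines and addresses below are constructed, and only the ACL name is taken from the question.

```python
import re
from collections import Counter

# Constructed sample of buffered log output (documentation-range addresses).
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 4101 for outside:203.0.113.50/10200 (203.0.113.50/10200) to inside:10.1.1.25/51515 (198.51.100.9/51515)
%ASA-4-106023: Deny udp src outside:203.0.113.50/16384 dst inside:198.51.100.9/16390 by access-group "ACL_Outside" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:203.0.113.50/16384 dst inside:198.51.100.9/16390 by access-group "ACL_Outside" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:203.0.113.50/10200 dst inside:198.51.100.9/40001 by access-group "ACL_Outside" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:192.0.2.77/4444 dst inside:198.51.100.9/80 by access-group "ACL_Outside" [0x0, 0x0]
"""

# Syslog 106023: packet denied by an ACL applied with access-group.
# ICMP denies carry no ports, so the port groups are optional.
DENY_RE = re.compile(
    r'%(?:ASA|PIX)-4-106023: Deny (?P<proto>\S+) '
    r'src [^:\s]+:(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? '
    r'dst [^:\s]+:(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?'
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

def _endpoint(ip, port):
    return f"{ip}/{port}" if port else ip

def denied_flows(log_text, peer_ip):
    """Count ACL denies whose source or destination is exactly peer_ip.

    Exact comparison avoids the substring matches that a plain
    'include x.x.x.x' filter lets through (203.0.113.5 vs 203.0.113.50).
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or peer_ip not in (m["src_ip"], m["dst_ip"]):
            continue
        key = (m["acl"], m["proto"],
               _endpoint(m["src_ip"], m["src_port"]),
               _endpoint(m["dst_ip"], m["dst_port"]))
        hits[key] += 1
    return hits

if __name__ == "__main__":
    for (acl, proto, src, dst), n in denied_flows(SAMPLE_LOG, "203.0.113.50").most_common():
        print(f"{n:3d}x {acl}: {proto} {src} -> {dst}")
```

The grouped output shows which protocol and port pairs the outside ACL is rejecting for that peer, which is the set to review before adding any permit entries.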

