Firewall: SIP dynamic audio ports connections

Unanswered Question
Feb 4th, 2010
User Badges:


Is there away of creating a policy-map that allows UDP ports to open up dynamically for 10000-49999 ratherthan open them up in an ACL? After a call is made thru the firewall, it uses UDP ports 10000-49999. I don't want to open up all these ports.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
johng231 Fri, 02/05/2010 - 07:10
User Badges:

I've gotten it to work by creating the following policy:

access-list 100 line 1 extended permit udp any any range 10000 49999

class-map sip_audio_port
match access-list 100

policy-map sip_policy
class sip_audio_port
  inspect sip

service-policy sip_policy interface inside
service-policy sip_policy interface VOICE

Why should I have to specify the high range when SIP is enabled by default for the inspect policy? The inspect policy for SIP should know how to open up these high ports automatically.


This Discussion