rules for udp in firewall

Answered Question
May 28th, 2010

Hello,


Do we need bidirectional rules to allow UDP traffic to pass through an ASA firewall? In a case where voice-related UDP ports need to be opened up, and this access is from external to internal, does it need two-way UDP rules?


Thanks in advance!

Correct Answer by Jennifer Halim about 7 years 1 day ago

If the call signalling goes through the firewall as well, whether it is Skinny or SIP, and you have enabled the corresponding inspection, i.e. inspect skinny or inspect sip, it will automatically open the pinhole for the RTP (voice stream); therefore, there is no requirement to open the UDP ports on the access-list. If, however, you disable the inspection, you would need to manually allow the RTP stream, and hence yes, you would need to open it on both interfaces because calls can be made either way.


Hope that helps.

Overall Rating: 5 (1 ratings)
Jennifer Halim (Cisco Employee), Fri, 05/28/2010 - 06:14
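A simplified model of what the inspection described in the answer does, as an added example that is not part of the original thread and is not ASA's own logic: it reads the SDP in each SIP message and permits RTP only to the negotiated address and port, next to a static UDP range rule of the kind needed when inspection is off. The addresses, the 16384-32767 range and all function names are assumptions made for the illustration.

```python
RTP_RANGE = range(16384, 32768)  # assumed RTP range for the static-rule case

def sip_with_sdp(start_line, ip, port):
    """Build an abbreviated, constructed SIP message offering one audio stream."""
    sdp = (f"v=0\r\no=- 1 1 IN IP4 {ip}\r\ns=-\r\n"
           f"c=IN IP4 {ip}\r\nt=0 0\r\nm=audio {port} RTP/AVP 0\r\n")
    return f"{start_line}\r\nContent-Type: application/sdp\r\n\r\n{sdp}"

def media_endpoints(sip_message):
    """Return the (ip, port) each audio stream in the SDP body asks to receive on."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_ip, streams = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            ip = line.split()[2]
            if streams:
                streams[-1][1] = ip      # media-level c= overrides the session one
            else:
                session_ip = ip
        elif line.startswith("m="):
            kind, port = line[2:].split()[:2]
            streams.append([kind, session_ip, int(port.split("/")[0])])
    return [(ip, port) for kind, ip, port in streams if kind == "audio"]

class Pinholes:
    """Permit RTP only to endpoints learned from inspected signalling."""
    def __init__(self):
        self.open = set()
    def inspect(self, sip_message):
        self.open.update(media_endpoints(sip_message))
    def permits(self, dst_ip, dst_port):
        return (dst_ip, dst_port) in self.open

def static_acl_permits(dst_port):
    """Manual rule used when inspection is off: the whole range stays open."""
    return dst_port in RTP_RANGE

def demo():
    fw = Pinholes()
    # Outside caller's offer, then the inside phone's answer (addresses constructed).
    fw.inspect(sip_with_sdp("INVITE sip:2001@10.0.0.10 SIP/2.0", "198.51.100.20", 24680))
    fw.inspect(sip_with_sdp("SIP/2.0 200 OK", "10.0.0.10", 17000))
    return {
        "negotiated_inbound": fw.permits("10.0.0.10", 17000),
        "negotiated_outbound": fw.permits("198.51.100.20", 24680),
        "stray_inbound_inspected": fw.permits("10.0.0.10", 17002),
        "stray_inbound_static_acl": static_acl_permits(17002),
    }

if __name__ == "__main__": print(demo())
```

The model leaves out source matching and pinhole teardown at call end; it only contrasts per-call openings with a standing range rule.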
