Community Member

Deny TCP and UDP although there is an allow rule?

Hey all

So I have a PIX515e running at home.

I have set up all the IPs of my PCs in the IP names list; I've set up a service group for these.

The port is tcp/13646 and udp/13646.

The program connects fine (uTorrent, fully legit, need more Linux distros!) but the ASDM shows what's in the syslog messages image.

Obviously I've hidden the remote addresses for other people's safety. Now the only thing I can think of is that the remote address is on a different port.

I've shown the rules in the ACL image.

torrent and torrent_UDP have just 13646 in them.

I still have the torrents running fine; they just take a tad longer to ramp up, but the speed is fine after a few minutes (700 kbps or higher). uTorrent shows the port as open. I don't really want to do an ANY ANY allow rule on the network.

So it's working; I just want to know why the error keeps appearing in the syslog messages, for my own learning's sake.

I'm racking my brains trying to figure out what I'm doing wrong here. Would you mind pointing out what I've done wrong?

Community Member

Re: Deny TCP and UDP although there is an allow rule?

Alek, the firewall is blocking traffic from your PC coming from source port 13646, while the ACLs you show in the image file only allow destination port 13646. Create a rule that has source traffic from your PC's IP AND source port 13646 to any destination port and IP on the outside.

Also, the syslog messages reference an ACL of inside_access_in; is that a defined access list in your configuration?
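The matching logic the reply describes, as an added example that is not from this thread or from Cisco: a small Python model of first-match extended-ACL evaluation with the implicit deny at the end. It assumes a hypothetical inside PC address 192.168.1.10 and plain access-list lines in place of the thread's name and service-group objects; the parser handles only `host`, `any`, address/mask and `eq`.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Ace:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp" or "ip"
    src: ipaddress.IPv4Network
    src_port: Optional[int]        # None = any source port
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]        # None = any destination port

def _addr(t, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' at t[i]; return (network, next index)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}"), i + 2

def _port(t, i):
    """Consume an optional 'eq N' port operator; return (port or None, next index)."""
    if i < len(t) and t[i] == "eq":
        return int(t[i + 1]), i + 2
    return None, i

def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME extended permit|deny PROTO SRC [eq N] DST [eq N]'."""
    t = line.split()
    src, i = _addr(t, 5)
    sport, i = _port(t, i)
    dst, i = _addr(t, i)
    dport, _ = _port(t, i)
    return Ace(t[3], t[4], src, sport, dst, dport)

def evaluate(acl: List[Ace], proto, src_ip, sport, dst_ip, dport) -> str:
    """First matching ACE wins; traffic matching no ACE hits the implicit deny."""
    for a in acl:
        if (a.proto in ("ip", proto)
                and ipaddress.ip_address(src_ip) in a.src
                and ipaddress.ip_address(dst_ip) in a.dst
                and a.src_port in (None, sport)
                and a.dst_port in (None, dport)):
            return a.action
    return "implicit-deny"

# Constructed ACLs (hypothetical PC address): the thread's destination-port-only rules
# beside the reply's fix, which matches on the PC's SOURCE port instead.
PC = "192.168.1.10"
ORIGINAL = [parse_ace(f"access-list inside_access_in extended permit {p} host {PC} any eq 13646")
            for p in ("tcp", "udp")]
FIXED = [parse_ace(f"access-list inside_access_in extended permit {p} host {PC} eq 13646 any")
         for p in ("tcp", "udp")]
```

An outbound packet from the PC with source port 13646 to a peer's ephemeral port falls through ORIGINAL to the implicit deny, which is the syslog entry the thread asks about, while FIXED permits it for both protocols.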
