Cisco Support Community
FWSM access list issue

I have the following access list configured on an interface running FWSM 3.1(1):

access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.52 eq ntp

access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.53 eq ntp

From examining my syslog logs, the access list permits hosts (using a high source port e.g. 44768) from the 10.16.78.0 network to reach 10.214.90.53 on udp 123. Ok, so far so good.

However, the access list will deny hosts from reaching 10.214.90.53 if their source port is also udp 123.

My customer's application automatically generates these source ports and they cannot be changed.

Does anyone have an idea why this access-list is behaving in such a manner?

Many Thanks
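To check what the two ACEs in the question actually match, here is a small reference matcher for FWSM/ASA extended ACL syntax; it is added for this page and is not code from the thread or from Cisco. Read as written, `eq ntp` belongs to the destination address that precedes it, so a packet with source port 123 matches the same permit ACE as one with source port 44768, and the deny the poster sees is not explained by the ACE text alone. The source host 10.16.78.10 is a constructed address inside 10.16.78.0/26, and the matcher understands only the `eq` port operator.

```python
import ipaddress
from collections import namedtuple

# Service names FWSM/ASA accept in place of a number; only the one in the thread is needed.
SERVICE_PORTS = {"ntp": 123}
# src_port / dst_port are None when the ACE carries no port operator on that side.
Ace = namedtuple("Ace", "action proto src src_port dst dst_port")

def _addr(t):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' (a subnet mask, not a wildcard)."""
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1] + "/32"), t[2:]
    return ipaddress.ip_network(f"{t[0]}/{t[1]}", strict=False), t[2:]

def _port(t):
    """Consume an optional 'eq PORT|NAME'; lt/gt/range/neq are out of scope here."""
    if t[:1] != ["eq"]:
        return None, t
    return (SERVICE_PORTS[t[1]] if t[1] in SERVICE_PORTS else int(t[1])), t[2:]

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC [eq P] DST [eq P]'."""
    t = line.split()
    if t[:1] != ["access-list"] or t[2] != "extended":
        raise ValueError("unsupported ACE: " + line)
    src, rest = _addr(t[5:])
    sport, rest = _port(rest)
    dst, rest = _addr(rest)
    dport, _ = _port(rest)
    return Ace(t[3], t[4], src, sport, dst, dport)

def evaluate(acl, proto, src_ip, src_port, dst_ip, dst_port):
    """First-match lookup; the implicit deny at the end applies when nothing matches."""
    for a in acl:
        if (a.proto == proto and ipaddress.ip_address(src_ip) in a.src
                and ipaddress.ip_address(dst_ip) in a.dst
                and a.src_port in (None, src_port) and a.dst_port in (None, dst_port)):
            return a.action
    return "deny"

# The two ACEs quoted in the question.
VLAN123_ACL = [parse_ace(l) for l in (
    "access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.52 eq ntp",
    "access-list vlan123_xxx extended permit udp 10.16.78.0 255.255.255.192 host 10.214.90.53 eq ntp",
)]
def thread_cases():
    """The two flows from the post (source host 10.16.78.10 is constructed, inside the /26)."""
    return (evaluate(VLAN123_ACL, "udp", "10.16.78.10", 44768, "10.214.90.53", 123),
            evaluate(VLAN123_ACL, "udp", "10.16.78.10", 123, "10.214.90.53", 123))
```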

1 REPLY
Anonymous

Re: FWSM access list issue

You can try to block the port number instead of the ntp service directly from the access list. Sometimes the application uses more than one port number to run.
