
ISSUE :: traffic from inside_LAN to Outside_Internet

Hi,

A voice application and another trade application running on port 10200 don't seem to work behind the firewall.

((INTERNET))--[Router]---[Firewall]---[Core]

The firewall is used for hosting a web server and site-to-site VPN (natting public IP with private).

We have two access-lists:

ACL_Outside (natting traffic)

ACL_NONAT (not to NAT VPN traffic)

Any traffic from a user goes to the core, then to the firewall. I do not have an inside access-list, so the above two programs should work.

Any clue?

1 REPLY
Cisco Employee

Re: ISSUE :: traffic from inside_LAN to Outside_Internet

Most voice traffic initiates a connection via a different port that needs to be opened on the outside interface facing the internet. This doesn't look like anything standard that we would have inspection for, which would automatically open pinholes for connections initiated from the outside.

So, check the logs

conf t

logging enable

logging buffered 7

exit

sh logg | i x.x.x.x

where x.x.x.x is the IP address that these voice calls go to on the outside.

That may give some clue as to whether the ACL applied on the outside is dropping these due to lack of permission.

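The log check described in the reply, as an added example that is not part of the original thread: packets dropped by an interface ACL are logged as syslog message 106023, and this Python sketch filters those lines for one peer address and counts them per ACL, protocol, direction and destination port. The sample lines and addresses are constructed, the function names are hypothetical, and only the TCP/UDP form of the message is parsed.

```python
import re
from collections import Counter

# ASA syslog 106023: a packet was denied by an ACL bound with access-group.
# Only the TCP/UDP form (address/port on both sides) is matched here.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample of "show logging" output; addresses are documentation ranges.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 4101 for outside:203.0.113.50/10200 (203.0.113.50/10200) to inside:10.1.1.20/51544 (198.51.100.2/51544)
%ASA-4-106023: Deny udp src outside:203.0.113.50/16384 dst inside:198.51.100.2/20000 by access-group "ACL_Outside" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:203.0.113.50/16386 dst inside:198.51.100.2/20002 by access-group "ACL_Outside" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:192.0.2.77/40000 dst inside:198.51.100.2/23 by access-group "ACL_Outside" [0x0, 0x0]
"""

def denies_for_peer(log_text, peer_ip):
    """Return parsed 106023 denies where peer_ip is the source or destination."""
    hits = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and peer_ip in (m['src_ip'], m['dst_ip']):
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count denies per (ACL, protocol, direction, destination port)."""
    return Counter(
        (h['acl'], h['proto'], f"{h['src_if']}->{h['dst_if']}", int(h['dst_port']))
        for h in hits
    )

if __name__ == "__main__":
    # The peer is the outside address the voice calls go to (x.x.x.x in the reply).
    for key, count in summarize(denies_for_peer(SAMPLE_LOG, "203.0.113.50")).items():
        print(count, key)
```

In the constructed sample, the outbound TCP session to port 10200 is built, while the return UDP streams initiated from the outside are denied by ACL_Outside, which is the pattern the reply suggests looking for.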