
Port 5061 Issue on FWSM

We are running a FWSM and have created ACLs for a new Lync install. One of the rules needs to have port 5061 access from any source to our front edge server for communication. When looking at the logs I see a hit on the ACL but nothing ever actually connects.

One possible issue I see is possibly in the inspect:

policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
 class class_sip_tcp
  inspect sip

In the inspect sip this is only for port 5060. How do I set this up to allow port 5061?

1 REPLY
Cisco Employee

Port 5061 Issue on FWSM

Hi Rick,

Assuming you want the inspection to process both TCP/5060 and TCP/5061, the config would look like this (otherwise adjust the 'match' command in the class-map accordingly):

class-map class_sip_tcp
 match port tcp range 5060 5061
policy-map global_policy
 class class_sip_tcp
  inspect sip
service-policy global_policy global

Keep in mind, though, that the FWSM's inspection engine cannot process encrypted traffic. So if TCP/5061 is encrypted via TLS you don't want to enable the inspection for this traffic.

-Mike
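
An added example, not part of the thread and not Cisco code: a small Python audit that parses class-map/policy-map text in the form shown above and reports every class where `inspect sip` is applied to a port match covering TCP/5061, the case the reply warns about. The function names, the sample config, and the premise that TCP/5061 carries TLS are assumptions of this example.

```python
import re

SIP_TLS_PORT = 5061  # assumption: TCP/5061 carries SIP over TLS, as in the thread

# Constructed sample: the reply's class-map plus the SIP lines of the policy-map.
REPLY_CONFIG = """\
class-map class_sip_tcp
 match port tcp range 5060 5061
policy-map global_policy
 class inspection_default
  inspect sip
 class class_sip_tcp
  inspect sip
service-policy global_policy global
"""

def parse_config(text):
    """Return ({class-map: [(low, high)]}, {(policy-map, class): [engines]})."""
    class_ports, inspects = {}, {}
    cmap = pmap = pclass = None
    for line in (raw.strip() for raw in text.splitlines()):
        words = line.split()
        if not words:
            continue
        if words[0] == "class-map":
            cmap, pmap, pclass = words[-1], None, None
            class_ports.setdefault(cmap, [])
        elif words[0] == "policy-map":
            cmap, pmap, pclass = None, words[-1], None
        elif words[0] == "class" and pmap:
            pclass = words[-1]
            inspects.setdefault((pmap, pclass), [])
        elif words[0] == "inspect" and pclass:
            inspects[(pmap, pclass)].append(" ".join(words[1:]))
        elif cmap and (m := re.match(r"match port tcp (?:eq|range) (\d+)(?: (\d+))?$", line)):
            low = int(m.group(1))
            class_ports[cmap].append((low, int(m.group(2) or low)))
    return class_ports, inspects

def sip_inspection_on_port(text, port=SIP_TLS_PORT):
    """List (policy-map, class) pairs whose 'inspect sip' covers `port`.
    Classes using 'match default-inspection-traffic' have no port list here
    and are never reported."""
    class_ports, inspects = parse_config(text)
    return [key for key, engines in inspects.items()
            if "sip" in engines
            and any(lo <= port <= hi for lo, hi in class_ports.get(key[1], []))]

if __name__ == "__main__":
    print(sip_inspection_on_port(REPLY_CONFIG))
```

An empty result means no explicitly port-matched class sends TCP/5061 through the SIP inspection engine; narrowing the match to `eq 5060` in the sample produces that result.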
