Cisco Support Community

Problem with self zone in IOS zone-based firewall


I'm seeing strange behaviour from my IOS zone-based firewall related to the self security zone. As I understand it, all traffic from and to the self zone is permitted, unless any rule between self and other zones exists.

I have no rule between the self zone and in-zone (my inside LAN), so I thought all my traffic was permitted between them. I can ping, use http, https, etc. from in-zone to self, and so on, but we had a problem when we started to test a Cisco VoIP solution.

The SCCP protocol with Cisco phones (7910 and 7960) works well, but the problem starts when we test calls between Cisco phones and softphones on our laptops.

IOS firewall drops this packet:

050113: *Jun 28 12:32:27.520 PCTime: %FW-6-DROP_UDP_PKT: Dropping udp pkt => with ip ident 549 due to policy match failure

Note that is the inside interface for the self zone, and is the VoIP phone (Cisco 7911) in the in-zone.

Why does the IOS firewall drop this packet? All other packets from self to in-zone seem unaffected...

My config is attached, hardware is a 2811 router with Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(11)XJ, RELEASE SOFTWARE (fc1)

Thanks in advance,

Ignacio Siles.
