Cisco Support Community

rules for udp in firewall

Hello,

Do we need bidirectional rules to allow UDP traffic to pass through an ASA firewall? In a case where voice-related UDP ports need to be opened up, and this access is from external to internal, does it need two-way UDP rules?

Thanks in advance!

Accepted Solutions

Re: rules for udp in firewall

If the call signalling goes through the firewall as well, whether it is Skinny or SIP, and you have enabled the corresponding inspection, i.e. inspect skinny or inspect sip, it will automatically open the pinhole for the RTP (voice stream); therefore, there is no requirement to open the UDP ports on the access-list. If, however, you disable the inspection, you would need to manually allow the RTP stream, and hence yes, you would need to open it on both interfaces because calls can be made either way.

Hope that helps.
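
The two cases from the answer above, side by side as an ASA configuration sketch. This is an added example, not part of the original thread. Assumptions: the ACL names OUTSIDE_IN and INSIDE_IN are hypothetical and already bound to their interfaces with access-group, 10.1.1.10 is a constructed address for the internal voice endpoint, SIP over UDP is the signalling protocol, and 16384-32767 is an assumed RTP port range that must be replaced with the range your endpoints actually use.

```cisco
! ---- Case 1: signalling is inspected ---------------------------------
! Only the signalling port is permitted in the ACL. The inspection engine
! opens the RTP pinholes for each call, so no RTP entries are needed.
access-list OUTSIDE_IN extended permit udp any host 10.1.1.10 eq sip
policy-map global_policy
 class inspection_default
  inspect sip
  inspect skinny
service-policy global_policy global

! ---- Case 2: inspection disabled -------------------------------------
! No pinholes are opened, so the RTP range is permitted statically,
! on both interfaces because calls can be set up in either direction.
policy-map global_policy
 class inspection_default
  no inspect sip
  no inspect skinny
! Signalling still has to be permitted.
access-list OUTSIDE_IN extended permit udp any host 10.1.1.10 eq sip
! Inbound voice stream: the whole assumed RTP range stays open permanently.
access-list OUTSIDE_IN extended permit udp any host 10.1.1.10 range 16384 32767
! Outbound voice stream: add to the ACL on the inside interface.
access-list INSIDE_IN extended permit udp host 10.1.1.10 any range 16384 32767
```

In case 2 the RTP range is reachable from outside whether or not a call is in progress, so restrict the source from `any` to the known peer addresses where they are fixed. `show service-policy inspect sip` confirms whether SIP inspection is active and counting packets.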
