Unable to block UDP broadcasts on Cisco VPN 3000

net-harry
Level 1

Hi,

We are running Cisco VPN 3030 on version 4.7.2.J. For some reason we see a lot of UDP datagrams to the internal broadcast address on ports 137 and 138. This seems to be the NetBIOS name and datagram service. We do not have any WINS servers and we want to block these broadcasts from flooding the local subnet (where no servers are available). We have defined a filter that drops all traffic to the internal broadcast address and applied it to the group where the users come in, but the packets are still passing into the internal network.

Does anyone have any clues to how to solve this issue?

Best regards,

Harry

3 Replies

ggilbert
Cisco Employee

Harry,

Can you please let me know what rule or rules you have created for this filter.

Also, is there something else on this filter that is already applied to the group.

If so, can you please make sure that the drop filter that you created is at the top of the list.

Thanks

Gilbert

Hi Gilbert,

Please find below the rule and the network list used:

--------------------------------------------------------------------------------

Rule Name: Block_Local_Traffic

Direction: Inbound

Action: Drop and Log

Protocol: Any

TCP Connection: Don't Care

Source Address

Network List: Use IP Address/Wildcard-mask below

IP Address: 0.0.0.0

Wildcard-mask: 255.255.255.255

Destination Address

Network List: Local_Block_List

TCP/UDP Source Port

Port: Range 0-65535

TCP/UDP Destination Port

Port: Range 0-65535

ICMP Packet Type: 0-255

--------------------------------------------------------------------------------

We have also duplicated this rule with another having direction Outbound and added that to the group filter, but that did not prevent the broadcasts from getting through either.

Network List: Local_Block_List

10.10.120.35/0.0.0.0

10.10.120.36/0.0.0.0

10.10.120.37/0.0.0.0

10.10.120.63/0.0.0.0

The local internal network is 10.10.120.32/27. The local broadcast address is thus 10.10.120.63. The three other IP addresses are for the next hop internal routers (including HSRP address).

The filter is at the top of the list.

Thanks for your help!

Best regards,

Harry
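The following is an added example, not code from the thread or from Cisco: it models the Block_Local_Traffic rule and the Local_Block_List exactly as posted above, using Cisco wildcard-mask semantics (a 0 bit in the mask means "must match", a 1 bit means "don't care"), and evaluates constructed sample packets against the filter in first-match order. It also derives the directed broadcast of 10.10.120.32/27 to confirm the 10.10.120.63 entry. The Packet and Rule classes, the sample packets and the source address 10.10.200.5 are assumptions made for the illustration; the VPN 3000 itself does not expose such an API.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard-mask test: bits where the mask is 0 must equal the base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def directed_broadcast(cidr: str) -> str:
    """Directed broadcast address of a subnet, e.g. 10.10.120.32/27 -> 10.10.120.63."""
    return str(ipaddress.ip_network(cidr, strict=False).broadcast_address)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "udp", "tcp" or "icmp"
    sport: int = 0
    dport: int = 0


@dataclass
class Rule:
    name: str
    action: str                     # "drop" or "forward"
    src: list[tuple[str, str]]      # (address, wildcard-mask) pairs
    dst: list[tuple[str, str]]
    proto: str = "any"
    sport: tuple[int, int] = (0, 65535)
    dport: tuple[int, int] = (0, 65535)

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if not any(wildcard_match(pkt.src, b, w) for b, w in self.src):
            return False
        if not any(wildcard_match(pkt.dst, b, w) for b, w in self.dst):
            return False
        if pkt.proto in ("tcp", "udp"):
            if not self.sport[0] <= pkt.sport <= self.sport[1]:
                return False
            if not self.dport[0] <= pkt.dport <= self.dport[1]:
                return False
        return True


def evaluate(rules: list[Rule], pkt: Packet, default: str = "forward") -> tuple[str, str | None]:
    """First matching rule wins, which is why the drop rule must sit at the top."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, None


# Network list as posted in the thread: each entry is host/0.0.0.0 (exact match).
LOCAL_BLOCK_LIST = [
    (ip, "0.0.0.0")
    for ip in ("10.10.120.35", "10.10.120.36", "10.10.120.37", "10.10.120.63")
]

# Rule as posted: any source (0.0.0.0/255.255.255.255), any protocol, all ports.
BLOCK_LOCAL_TRAFFIC = Rule(
    name="Block_Local_Traffic",
    action="drop",
    src=[("0.0.0.0", "255.255.255.255")],
    dst=LOCAL_BLOCK_LIST,
)

FILTER = [BLOCK_LOCAL_TRAFFIC]

# Constructed sample packets (source address is an assumed VPN client address).
NETBIOS_NS_BROADCAST = Packet("10.10.200.5", "10.10.120.63", "udp", 137, 137)
NETBIOS_DGM_BROADCAST = Packet("10.10.200.5", "10.10.120.63", "udp", 138, 138)
UNICAST_HOST = Packet("10.10.200.5", "10.10.120.40", "udp", 137, 137)
LIMITED_BROADCAST = Packet("10.10.200.5", "255.255.255.255", "udp", 137, 137)


if __name__ == "__main__":
    print("broadcast of 10.10.120.32/27:", directed_broadcast("10.10.120.32/27"))
    for name, pkt in [("NetBIOS-NS", NETBIOS_NS_BROADCAST),
                      ("NetBIOS-DGM", NETBIOS_DGM_BROADCAST),
                      ("unicast host", UNICAST_HOST),
                      ("limited broadcast", LIMITED_BROADCAST)]:
        print(f"{name:18s} -> {pkt.dst:16s} {evaluate(FILTER, pkt)}")
```

Running it shows that both directed-broadcast datagrams to 10.10.120.63 match the rule and would be dropped, that unicast traffic to an internal host is unaffected, and that the list as posted only covers the directed broadcast, not the limited broadcast 255.255.255.255. Comparing what the rule evaluator says against what the concentrator actually logs (the rule is set to "Drop and Log") is a quick way to tell whether the rule is never being consulted or simply not matching the datagrams seen on the wire.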

Harry,

Let me test this scenario in the lab and get back with you.

Cheers,

Gilbert
