Hi
Our firewall is dropping SIP200 keepalives from a remote Cisco Unified Border Element router 10.10.10.10 to local Cisco Unified Communications Manager 10.20.20.20. A packet capture shows the SIP From: as 10.20.20.20 and SIP To: as 10.10.10.10 (so basically the "wrong" way around - although it's not as this is a response to an OPTIONS PING from CUCM. The firewall (a 5200) is logging Strict SIP Protocol Flow Enforcement (anomaly). Is this a known issue that anyone's encountered? I'm expecting the workaround is just to create an exemption to that traffic. This only started happening in February so I wonder if an IPS definition update caused it...
Many thanks
James