A Cisco Security Appliance handles UDP traffic in the following manner:
1. The source machine initiates the UDP connection. It is received by the Security Appliance
en route to the destination. The Security Appliance applies the default rule and any
necessary translation, creates a session object in the state table, and allows the
connection to pass to the outside interface.
2. Any return traffic is matched with the session object, and the session timeout is applied.
The session timeout is 2 minutes by default. If the response does not match the session
object or is not within the timeout, the packet is dropped. If everything matches, the
response is allowed through to the requesting source.
3. Any inbound UDP sessions from a lower security level to a higher security level must be
allowed by the security policy, or the connection is dropped.
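The three steps above can be modeled as a small state table. The following is an added illustration, not Cisco code or part of the original text: the class and function names and all addresses are constructed, address translation is left out, and the 2-minute timeout is assumed to be an idle timer that matching traffic refreshes.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 120  # seconds: the 2-minute default from step 2

@dataclass
class UdpStateTable:
    # (dst_ip, dst_port) pairs the security policy permits inbound (constructed)
    inbound_permits: set = field(default_factory=set)
    # (inside_ip, inside_port, outside_ip, outside_port) -> time last seen
    sessions: dict = field(default_factory=dict)

    def outbound(self, now, src, sport, dst, dport):
        """Step 1: higher to lower security level; the default rule allows it."""
        self.sessions[(src, sport, dst, dport)] = now
        return "allow"

    def inbound(self, now, src, sport, dst, dport):
        """Steps 2 and 3: a packet arriving from the lower security level."""
        key = (dst, dport, src, sport)  # mirror of the outbound session tuple
        last = self.sessions.get(key)
        if last is not None and now - last <= UDP_TIMEOUT:
            self.sessions[key] = now  # assumption: timeout is an idle timer
            return "allow"
        self.sessions.pop(key, None)  # expired or absent: no session to match
        if (dst, dport) in self.inbound_permits:
            self.sessions[key] = now  # step 3: policy permits, session created
            return "allow"
        return "drop"

def demo():
    # All addresses are constructed documentation-range samples.
    fw = UdpStateTable(inbound_permits={("192.0.2.10", 514)})
    inside, dns = ("10.0.0.5", 40000), ("198.51.100.53", 53)
    return [
        fw.outbound(0, *inside, *dns),               # query leaves: allow
        fw.inbound(1, *dns, *inside),                # matching reply: allow
        fw.inbound(2, dns[0], 5353, *inside),        # wrong source port: drop
        fw.inbound(3, "203.0.113.9", 53, *inside),   # wrong source host: drop
        fw.inbound(122, *dns, *inside),              # 121 s idle, timed out: drop
        fw.inbound(123, "203.0.113.9", 9999, "192.0.2.10", 514),  # permitted
    ]

if __name__ == "__main__":
    print(demo())
```

Because UDP has no handshake or sequence numbers, the address and port tuple plus the timer are the only things tying a reply to its request, which is why a mismatch in either field or a late reply is dropped.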