ACL Deny IP and Port
Hi All
I am trying to implement ACLs to block a NAT device only, and not necessarily the source public IP, which can have multiple SIP devices behind it.
The ACL implemented:
====================================================================
access-control
realm-id PEER_TEST_REALM
description BLOCK_NAT_DEVICE
source-address 0.0.0.0
destination-address 41.41.42.43:5060
application-protocol SIP
transport-protocol UDP
access permit
average-rate-limit 0
trust-level low
minimum-reserved-bandwidth 0
invalid-signal-threshold 2
maximum-signal-threshold 10
untrusted-signal-threshold 4
deny-period 900
nat-trust-threshold 0
max-endpoints-per-nat 0
nat-invalid-message-threshold 0
cac-failure-threshold 2
untrust-cac-failure-threshold 2
====================================================================
When the threshold is exceeded the ACL denies the source IP and ignores the source port. As a result, all devices behind the public IP are blocked. I saw in a previous community forum post that someone had it blocking the IP plus port (NAT device) and wanted to block the complete IP.
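The following is an added toy model, not Oracle/Acme SBC code and not a description of how the SBC actually keys its deny entries. It reuses the values from the posted ACL (invalid-signal-threshold 2, deny-period 900) and shows the difference the post is about: when the deny entry is keyed on the source IP alone, every phone behind the NAT is blocked once one of them trips the threshold; when it is keyed on IP:port, only the misbehaving NAT device is blocked. The addresses and ports are constructed sample values.

```python
"""Toy model of threshold-based ACL denial keyed on source IP or on IP:port.

Added example; this is not the SBC's implementation. The counting and expiry
logic is a simplified assumption built around the thresholds in the post.
"""
from dataclasses import dataclass, field

INVALID_SIGNAL_THRESHOLD = 2   # invalid-signal-threshold from the posted ACL
DENY_PERIOD = 900              # deny-period (seconds) from the posted ACL


@dataclass
class DenyTracker:
    key_by_port: bool                       # True: key on (ip, port); False: ip only
    threshold: int = INVALID_SIGNAL_THRESHOLD
    deny_period: int = DENY_PERIOD
    invalid_counts: dict = field(default_factory=dict)
    denied_until: dict = field(default_factory=dict)

    def _key(self, src_ip, src_port):
        return (src_ip, src_port) if self.key_by_port else src_ip

    def is_denied(self, src_ip, src_port, now):
        """True while a deny entry for this source is still within its deny period."""
        key = self._key(src_ip, src_port)
        until = self.denied_until.get(key)
        if until is None:
            return False
        if now >= until:
            # deny-period has elapsed: lift the block and reset the counter
            del self.denied_until[key]
            self.invalid_counts.pop(key, None)
            return False
        return True

    def record_invalid(self, src_ip, src_port, now):
        """Count one invalid SIP message; deny the key once the threshold is exceeded."""
        if self.is_denied(src_ip, src_port, now):
            return True
        key = self._key(src_ip, src_port)
        self.invalid_counts[key] = self.invalid_counts.get(key, 0) + 1
        if self.invalid_counts[key] > self.threshold:
            self.denied_until[key] = now + self.deny_period
            return True
        return False


def simulate(key_by_port):
    """Two phones behind one NAT (constructed: 198.51.100.10, ports 5060 and 5062).

    The phone on port 5060 sends three invalid messages. Returns whether each
    phone is then denied, and whether the sibling is still denied after the
    deny period has elapsed.
    """
    tracker = DenyTracker(key_by_port=key_by_port)
    now = 1_000_000.0
    for i in range(3):
        tracker.record_invalid("198.51.100.10", 5060, now + i)
    return {
        "bad_device_denied": tracker.is_denied("198.51.100.10", 5060, now + 3),
        "sibling_device_denied": tracker.is_denied("198.51.100.10", 5062, now + 3),
        "sibling_after_deny_period": tracker.is_denied(
            "198.51.100.10", 5062, now + 3 + DENY_PERIOD),
    }


if __name__ == "__main__":
    print("keyed on source IP only :", simulate(key_by_port=False))
    print("keyed on source IP:port :", simulate(key_by_port=True))
```

Run it and compare the two dictionaries: with IP-only keying the sibling phone is collateral damage for the whole deny-period, which is the behaviour described in the post; with IP:port keying the sibling keeps working.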