Advanced ASA PAT configuration...


I have a unique requirement for my ASA PAT configuration...

By default a Cisco router running IOS will utilize the SAME port when creating a dynamic PAT, i.e. the inside host's request generates a dynamic PAT, where the request's source port is the port which is translated to the inside host from the outside interface.

The ASA ignores the inside host's source port, and maps the PAT using its own random port above 1024.

I would like to override this default behavior and instruct the ASA to use the same port for PAT that was the inside host's initiated source port.

TIA for any help,


a.alekseev Mon, 07/07/2008 - 11:14

access-list TCP extended permit ip any any
class-map TCP
 match access-list TCP
policy-map global_policy
 class inspection_default
 class TCP
  set connection random-sequence-number disable

srue Mon, 07/07/2008 - 11:53

That's just the TCP sequence numbers, not the ports. They are two different things.

What the OP wants I don't believe is possible using the PIX/ASA.
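A toy model of the two port-allocation behaviours described in the question, added here as an illustration (it is not code from the thread or from Cisco). The class and method names are hypothetical, and falling back to a random port when the preserved port is already in use is an assumption of the model.

```python
import random


class PatTable:
    """Toy dynamic PAT table for one outside address (single protocol)."""

    def __init__(self, preserve_port, rng=None):
        self.preserve_port = preserve_port
        self.rng = rng or random.Random()
        self.by_inside = {}    # (inside_ip, inside_port) -> outside_port
        self.by_outside = {}   # outside_port -> (inside_ip, inside_port)

    def _random_free_port(self):
        # Range assumed from the question: a random port above 1024.
        while True:
            port = self.rng.randint(1025, 65535)
            if port not in self.by_outside:
                return port

    def translate(self, inside_ip, inside_port):
        """Return the outside source port used for this inside flow."""
        key = (inside_ip, inside_port)
        if key in self.by_inside:            # existing translation is reused
            return self.by_inside[key]
        if self.preserve_port and inside_port not in self.by_outside:
            port = inside_port               # keep the host's own source port
        else:
            port = self._random_free_port()  # randomized, or collision fallback
        self.by_inside[key] = port
        self.by_outside[port] = key
        return port

    def untranslate(self, outside_port):
        """Map return traffic back to the inside (ip, port), or None."""
        return self.by_outside.get(outside_port)


def demo():
    # Constructed sample flows: two inside hosts share source port 5060.
    flows = [("10.0.0.5", 5060), ("10.0.0.6", 5060)]
    preserving = PatTable(preserve_port=True, rng=random.Random(1))
    randomized = PatTable(preserve_port=False, rng=random.Random(1))
    return ([preserving.translate(*f) for f in flows],
            [randomized.translate(*f) for f in flows])


if __name__ == "__main__":
    print(demo())
```

The second host in the port-preserving table cannot keep 5060 because the first host already holds it on the shared outside address, which is why any device that preserves ports still needs a fallback.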

