Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
256
Views
5
Helpful
2
Replies

Can I do this without a static?

John Blakley
VIP Alumni
VIP Alumni

‎04-21-2009 09:43 AM - edited ‎03-11-2019 08:21 AM

We have two hosts inside of our network that makes a connection to a site on a non-standard port (1570). The site then sends traffic back to the host on the same port. Apparently, they couldn't get it to work for the return traffic unless they allowed the traffic back on the outside back in on the same port. This was in a symantec gateway appliance.

I'm doing my conversion, and I think it should work fine without allowing the traffic back in specifically, but if not, I think I'm going to have to have a static assigned for these hosts.

Any other suggestions?

Thanks,

John

HTH, John *** Please rate all useful posts ***
Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎04-21-2009 11:56 AM

John

If the return traffic is part of the initiated connection outbound then no you should not need a static entry as long as you are Natting the traffic outbound whether that be dynamic NAT or PAT.

Jon

networker99
Level 1
Level 1

‎04-22-2009 12:10 PM

You will not need a static entry as PAT will perform the translation and the SPI will allow the traffic back though. Although the port information for each connection will be the same, the traffic will be differentiated by the IP address of the client.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card