Static NAT, translations I can't explain

Unanswered Question
Apr 23rd, 2012
I have noticed some odd NAT entries, and cannot explain them.  The static translation is:


ip nat inside source static 192.168.0.222 111.111.111.111


There is an inbound ACL on the WAN interface that only allows a few standard ports.  Yet I see translations like:


Pro Inside global            Inside local             Outside local              Outside global
tcp 111.111.111.111:42658    192.168.0.222:42658      189.1.169.195:40569        189.1.169.195:40569


If the ACL is checked before NAT, why am I getting random ports from some IP address in Brazil (this router is in the USA and has no business connecting to any other country)?  Port 48139 isn't allowed, so how can there be a translation?  The only ports that 192.168.0.222 ever initiates a connection to are 80 and 443.

ohassairi Mon, 04/23/2012 - 23:51

Maybe the server is using dynamic ports: it accepts connections on port 80, then it asks the client to connect to it on another port. Some applications like MS Messenger, Skype... use this method.

The router/firewall may allow this traffic if inspection on port 80 is activated.

You may use Wireshark on the client side to see if the client is redirected to another TCP port.
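
A triage helper for the translation table discussed in this thread, added here as an example and not posted by either participant: it parses `show ip nat translations` output and flags extended entries that match neither the outbound ports named in the question (80, 443) nor an inbound allow-list. The `INBOUND_PORTS` set is an assumption standing in for the WAN ACL, and every sample row except the one quoted in the question is constructed.

```python
import re

# Constructed sample; only the second data row is the entry quoted in the question.
SAMPLE = """\
Pro Inside global            Inside local             Outside local              Outside global
tcp 111.111.111.111:51514    192.168.0.222:51514      203.0.113.10:443           203.0.113.10:443
tcp 111.111.111.111:42658    192.168.0.222:42658      189.1.169.195:40569        189.1.169.195:40569
tcp 111.111.111.111:25       192.168.0.222:25         198.51.100.7:33012         198.51.100.7:33012
--- 111.111.111.111          192.168.0.222            ---                        ---
"""

OUTBOUND_PORTS = {80, 443}      # from the question: the host only initiates to these
INBOUND_PORTS = {25, 80, 443}   # assumption: stand-in for the ports the WAN ACL permits

FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")
ROW = re.compile(r"^(tcp|udp)\s+" + r"\s+".join([r"(\S+):(\d+)"] * 4) + r"\s*$")


def parse_translations(text):
    """Yield one dict per extended (protocol + port) translation row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, simple static entry ("---"), or blank line
        g = m.groups()
        entry = {"proto": g[0]}
        for i, name in enumerate(FIELDS):
            entry[name] = g[1 + 2 * i]
            entry[name + "_port"] = int(g[2 + 2 * i])
        yield entry


def classify(entry):
    """Heuristic: explain an entry by the remote port or the local service port."""
    if entry["outside_global_port"] in OUTBOUND_PORTS:
        return "expected-outbound"
    if entry["inside_global_port"] in INBOUND_PORTS:
        return "expected-inbound"
    return "unexplained"


def unexplained(text):
    """Return the entries that neither rule accounts for."""
    return [e for e in parse_translations(text) if classify(e) == "unexplained"]


if __name__ == "__main__":
    for e in unexplained(SAMPLE):
        print(e["proto"], e["inside_local"], e["inside_local_port"],
              "<->", e["outside_global"], e["outside_global_port"])
```

The flagged rows are the flows worth following up with a packet capture on 192.168.0.222, since the table alone does not show which side opened the connection.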
