Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
734
Views
0
Helpful
1
Replies

PIX PAT using ports below 1024

tim.hagensen
Level 1
Level 1

‎10-16-2002 12:40 PM - edited ‎02-20-2020 10:18 PM

Outbound PAT is randomly choosing ports under 1024 which conflicts with perimeter router acl's. Is there a way to force the pix to use only ports above 1024?

PIX 525 with version 6.2.2

0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎10-17-2002 09:31 PM

The PIX will choose from a range of ports dependent on the original source port. For example:

- If the source port is TCP/UDP 1-511, then the PIX will PAT the SRC address to one in that range.

- If the source port is TCP/UDP 512-1023, then the PIX will PAT the SRC address to one in that range.

- If the source port is TCP/UDP 1024-65535, then the PIX will PAT the SRC address to one in that range.

So you're original ports are in the range under 1024, therefore the PIX chooses a poart in that range. This can't changed however, it's just how it works.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card