Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

Can I do this without a static?

We have two hosts inside of our network that makes a connection to a site on a non-standard port (1570). The site then sends traffic back to the host on the same port. Apparently, they couldn't get it to work for the return traffic unless they allowed the traffic back on the outside back in on the same port. This was in a symantec gateway appliance.

I'm doing my conversion, and I think it should work fine without allowing the traffic back in specifically, but if not, I think I'm going to have to have a static assigned for these hosts.

Any other suggestions?

Thanks,

John

HTH, John *** Please rate all useful posts ***
2 REPLIES
Hall of Fame Super Blue

Re: Can I do this without a static?

John

If the return traffic is part of the initiated connection outbound then no you should not need a static entry as long as you are Natting the traffic outbound whether that be dynamic NAT or PAT.

Jon

New Member

Re: Can I do this without a static?

You will not need a static entry as PAT will perform the translation and the SPI will allow the traffic back though. Although the port information for each connection will be the same, the traffic will be differentiated by the IP address of the client.

115
Views
5
Helpful
2
Replies
CreatePlease to create content