Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ip port-map user on ASR 1000 IOS XE


I'm trying to build a firewall and wanted to use the "ip port-map user-xxx ..." command to make a custom protocol that I could then use in protocol statement insice a class-map type inspect.

Is this yet another thing missing from IOS XE, like the lack of object-group command?

Best regards.

Everyone's tags (2)

Re: ip port-map user on ASR 1000 IOS XE

Hello Damjan,

You are right Sr,

ASR ZBFW does not support user defined port-mapping

Now, you could match the traffic with an ACL and inspect it, the ZBFW will not break the connection, it will actually be succesfull so even though the command is not supported on the ASR1K you could still make it happen

EDIT: If you are going to create a user-defined protocol the ACL would be the same thing,

          If you are trying to map a standard protocol to a non-standard protocol then you need to use the IP port-map command (not supported ASR1K)

So bottom line: In your case with the ACL you will be more than fine

For Networking Posts check my blog at 


Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
New Member

Hi All,

Hi All,

I have just run into this issue on with iOS XE as this post is 3 years old i wonder if you had found a workaround without resorting to using ACL's ?



New Member

Hi Olly.

Hi Olly.

At that time it was not possible. But I have not kept track of the issue so I do not know if things are better now.

We ended up developing an internal webapp to generate and manage the firewall rules. We generate everything from policy-maps, class-maps and ip/ipv6 acls.

Best regards,


CreatePlease to create content