I've been noticing that some mail-servers (SMTP) and web-servers (HTTP/HTTPS) use dynamic connections when we connect to them.
Let's say we are on a PIX/ASA inside network and do a 'http://www.xpto.com' to access this web site. Basically we are accessing the Web-Server TCP port 80. Some of these servers respond using another new TCP session with its origin on TCP/80 but to a different TCP port on the original machine that did the HTTP request. The firewall obviously denies these connections. I've also seen some cases with SMTP servers.
Has anyone seen the problem I'm talking about? How do you solve this issue?