Cisco Support Community
New Member

Advanced ASA PAT configuration...

I have a unique requirement for my ASA PAT configuration...

By default a Cisco router running IOS will utilize the SAME port when creating a dynamic PAT, i.e. the inside host's request generates a dynamic PAT, where the request's source port is the port which is translated to the inside host from the outside interface.

The ASA ignores the inside host's source port, and maps the PAT using its own random port above 1024.

I would like to override this default behavior and instruct the ASA to use the same port for PAT that was the inside host's initiated source port.

TIA for any help,

Travis
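A toy model of the two allocation behaviours described in this post, added here as an illustration (it is not code from the thread or from Cisco). It shows why port preservation can only be best effort: two inside hosts using the same source port cannot both keep it on one mapped address. The fallback to a random high port on collision is an assumption of the model, and all addresses and ports are constructed.

```python
import random

class PatTable:
    """Toy dynamic-PAT table for one mapped (outside) address and one protocol."""

    def __init__(self, preserve_port, rng=None):
        self.preserve_port = preserve_port   # True: try to keep the inside source port
        self.rng = rng or random.Random()
        self.by_inside = {}                  # (inside_ip, inside_port) -> mapped_port
        self.by_mapped = {}                  # mapped_port -> (inside_ip, inside_port)

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.by_inside:            # an existing translation is reused
            return self.by_inside[key]
        if self.preserve_port and inside_port not in self.by_mapped:
            mapped = inside_port             # port is free on the mapped address
        else:
            mapped = self._free_high_port()  # randomized mode, or a collision (assumed fallback)
        self.by_inside[key] = mapped
        self.by_mapped[mapped] = key
        return mapped

    def _free_high_port(self):
        # Random unused port above 1024; the toy does not handle pool exhaustion.
        while True:
            candidate = self.rng.randint(1025, 65535)
            if candidate not in self.by_mapped:
                return candidate

    def untranslate(self, mapped_port):
        """Return the inside (ip, port) that owns a mapped port, or None."""
        return self.by_mapped.get(mapped_port)

def demo():
    # Constructed flows: two inside hosts pick the same source port, then the first repeats.
    flows = [("10.0.0.5", 40000), ("10.0.0.6", 40000), ("10.0.0.5", 40000)]
    results = {}
    for name, preserve in (("preserve", True), ("random", False)):
        table = PatTable(preserve, random.Random(1))
        results[name] = [table.translate(ip, port) for ip, port in flows]
    return results

if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, ports)
```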

6 REPLIES
Bronze

Re: Advanced ASA PAT configuration...

The document present in the URL below will be of great help to you in defining the port number manually:

http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htpt4pat.html#wp1049437

Re: Advanced ASA PAT configuration...

access-list TCP extended permit ip any any
class-map TCP
 match access-list TCP
policy-map global_policy
 class inspection_default
 class TCP
  set connection random-sequence-number disable

Gold

Re: Advanced ASA PAT configuration...

That's just the TCP sequence numbers, not the ports. They are two different things.

What the OP wants I don't believe is possible using the PIX/ASA.

Re: Advanced ASA PAT configuration...

oops... :)) had a hard day today

New Member

Re: Advanced ASA PAT configuration...

I guess it's not as promising as I thought!

Thanks anyway!

New Member

Re: Advanced ASA PAT configuration...

This looks promising, but doesn't work because in this particular case the protocol is UDP. I should have mentioned that before...

Are there any commands for UDP?

Thanks!
