I have problems getting nfs (especially mountd) through a PIX. The nfs host is in a test segment which is separated from our intranet by a PIX. Our default policy is to disallow everything except some protocols (ports) to defined hosts (this is true for any direction).
Now I have a problem with the nfs setup. I know I need rules for nfs (tcp/udp 2049) and for portmapper (tcp/udp sunrpc/111) and for mountd and statd. The problem with mountd and statd is that they do not have fixed port numbers. How can I configure this? I thought the PIX inspects the portmapper traffic and helps me to define dynamic rules for the needed ports, but this seems to be wrong.
Any idea what I can do? I hate the idea of opening the firewall for large port ranges.