I have a 501 with PAT configured. My LAN is being NAT'ed to the outside interface IP. I've configured PAT for a machine in the LAN to listen for the FTP connections, and another machine to listen for the terminal services connections.
It works fine.
But I have a problem with some applications, like ICQ and MSN, when I'm trying to send files through them. Should I configure a static PAT entry for every port for the file transfer?
This cannot be achieved via stateful actions by the PIX?
The best thing would be to set up static entries and configure access-lists to allow the return traffic. I am sure that this would not be feasible so you may want to look at this URL to see if configuring ICQ will help. http://www.icq.com/icqtour/firewall/netadmin.html