Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
1
Replies

NAT Overloading: Restricting ports to a higher value?

steven.pw.lau
Level 1
Level 1

‎03-20-2008 10:53 AM - edited ‎03-09-2019 08:20 PM

From the below, I've did a NAT overloading (IOS) for traffic going from 11.11.11.11 to 10.22.22.0/24. But having read in some doc that for icmp traffic, PAT will use ports starting from 0, I'm wondering if there's a way to set the port to a higher port value.

From the below debug, it is currently using port 80. Is there any way to restrict the port to a higher number, e.g. 1000+ ?

Thanks.

*Mar 3 03:32:23.751: NAT: map match test

*Mar 3 03:32:23.751: NAT: [0] Allocated Port for 11.11.11.11 -> 10.22.22.1: wanted 8 got 8

*Mar 3 03:32:23.755: NAT: i: icmp (11.11.11.11, 8) -> (10.22.22.2, 8) [40]

*Mar 3 03:32:23.759: NAT: s=11.11.11.11->10.22.22.1, d=10.22.22.2 [40]

Labels:
0 Helpful
1 Reply 1

amritpatek
Level 6
Level 6

‎03-26-2008 12:45 PM

This is not possible for ICMP traffic since selecting ports is only possible for TCP and UDP protocols.

0 Helpful
Customers Also Viewed These Support Documents