Community Member

PIX PAT using ports below 1024

Outbound PAT is randomly choosing ports under 1024, which conflicts with perimeter router ACLs. Is there a way to force the PIX to use only ports above 1024?

PIX 525 with version 6.2.2

1 REPLY
Cisco Employee

Re: PIX PAT using ports below 1024

The PIX will choose from a range of ports dependent on the original source port. For example:

- If the source port is TCP/UDP 1-511, then the PIX will PAT the SRC address to one in that range.

- If the source port is TCP/UDP 512-1023, then the PIX will PAT the SRC address to one in that range.

- If the source port is TCP/UDP 1024-65535, then the PIX will PAT the SRC address to one in that range.

So your original ports are in the range under 1024, therefore the PIX chooses a port in that range. This can't be changed, however; it's just how it works.
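The following is an added example, not part of the reply above and not Cisco code: a small Python model of the three ranges the reply lists, used to predict which outbound flows leave the PIX with a source port that a perimeter router ACL would reject. The ACL floor of 1024, the allocation order within a range, and the sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Ranges stated in the reply: the translated port stays in the original's range.
PAT_RANGES = ((1, 511), (512, 1023), (1024, 65535))

def pat_range(src_port):
    """Return the (low, high) range the translated port will be drawn from."""
    for low, high in PAT_RANGES:
        if low <= src_port <= high:
            return low, high
    raise ValueError(f"not a valid TCP/UDP source port: {src_port}")

@dataclass
class PatModel:
    """Toy PAT table for one global address, tracked per protocol."""
    in_use: set = field(default_factory=set)
    xlates: dict = field(default_factory=dict)

    def translate(self, proto, inside_ip, src_port):
        key = (proto, inside_ip, src_port)
        if key in self.xlates:
            return self.xlates[key]
        low, high = pat_range(src_port)
        # Assumption: try the original port, then the lowest free port in range.
        for port in [src_port, *range(low, high + 1)]:
            if (proto, port) not in self.in_use:
                self.in_use.add((proto, port))
                self.xlates[key] = port
                return port
        raise RuntimeError(f"no free {proto} port left in {low}-{high}")

def dropped_by_router(model, flows, min_src_port=1024):
    """Flows whose translated source port falls below the router ACL's floor."""
    dropped = []
    for proto, inside_ip, src_port in flows:
        mapped = model.translate(proto, inside_ip, src_port)
        if mapped < min_src_port:
            dropped.append((proto, inside_ip, src_port, mapped))
    return dropped

# Constructed sample flows (RFC 1918 addresses, not taken from the thread).
FLOWS = [
    ("tcp", "10.1.1.10", 1023),   # client that binds a reserved port
    ("tcp", "10.1.1.11", 1023),   # same port from a second host: collision
    ("udp", "10.1.1.12", 123),    # NTP sourced from port 123
    ("tcp", "10.1.1.13", 40000),  # ordinary ephemeral port
]
```

Calling `dropped_by_router(PatModel(), FLOWS)` returns the three flows that originate below 1024. Because the PIX behaviour cannot be changed, the adjustment has to be made in the router ACL or in the clients that source traffic from low ports.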
