Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

SEQ #, SYN, SYN-ACK, ACK numbers transversing the PIX

When an IP packet tranverses a PIX from the inside to the outside, with NAT or STATIC configured, the source IP address is changed and the sequence number is randomized. What other IP field's change...Do the Seq, SYN, SYN-ACK and ACK number change also.

1 REPLY
Silver

Re: SEQ #, SYN, SYN-ACK, ACK numbers transversing the PIX

In addition to modifying the IP address, NAT must modify the IP checksum and the TCP checksum. Remember, TCP's checksum also covers a pseudo header which contains the source and destination address.

Other then this I don't think it changes anything. For certain protocols like FTP which carry the IP address in the Data Part, NAT changes the IP address where ever it appears.

309
Views
0
Helpful
1
Replies
CreatePlease to create content