Cisco Support Community
Community Member

Static NAT, translations I can't explain

I have noticed some odd NAT entries, and cannot explain them.  The static translation is:

ip nat inside source static 192.168.0.222 111.111.111.111

There is an inbound ACL on the WAN interface that only allows a few standard ports.  Yet I see translations like:

Pro Inside global            Inside local             Outside local              Outside global
tcp 111.111.111.111:42658    192.168.0.222:42658      189.1.169.195:40569        189.1.169.195:40569

If the ACL is checked before NAT, why am I getting random ports from some IP address in Brazil (this router is in the USA and has no business connecting to any other country)? Port 48139 isn't allowed, so how can there be a translation? The only ports that 192.168.0.222 ever initiates a connection to are 80 and 443.
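A small triage script for the `show ip nat translations` layout quoted above, added here as an example (it is not from the poster or from Cisco): it parses the table and sorts each row for the server into "inbound" (server-side port is one the inbound ACL permits), "outbound" (remote port is one the server is known to initiate to, so the row is NAT state for that session's replies) or "unexplained" (neither, the kind of entry the question is about). The inbound permit list and outbound destination set passed in are assumptions; the thread only says "a few standard ports" and 80/443. The sample table is constructed, with the first tcp row copied from the question.

```python
import re
from collections import namedtuple

# Constructed sample in the `show ip nat translations` layout the question quotes.
# The first tcp line is the row from the post; the other two are made up for contrast,
# and the "---" line is the static mapping itself (no ports, so the parser skips it).
SAMPLE = """\
Pro Inside global            Inside local             Outside local              Outside global
--- 111.111.111.111          192.168.0.222            ---                        ---
tcp 111.111.111.111:42658    192.168.0.222:42658      189.1.169.195:40569        189.1.169.195:40569
tcp 111.111.111.111:51000    192.168.0.222:51000      203.0.113.10:443           203.0.113.10:443
tcp 111.111.111.111:80       192.168.0.222:80         198.51.100.7:53311         198.51.100.7:53311
"""

Translation = namedtuple("Translation", "proto ig ig_port il il_port ol ol_port og og_port")

ENTRY_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<ig>[\d.]+):(?P<ig_port>\d+)\s+(?P<il>[\d.]+):(?P<il_port>\d+)\s+"
    r"(?P<ol>[\d.]+):(?P<ol_port>\d+)\s+(?P<og>[\d.]+):(?P<og_port>\d+)\s*$"
)

def parse_translations(text):
    """Return one Translation per tcp/udp row; header, static and blank rows are ignored."""
    rows = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            g = m.groupdict()
            rows.append(Translation(g["proto"], g["ig"], int(g["ig_port"]), g["il"], int(g["il_port"]),
                                    g["ol"], int(g["ol_port"]), g["og"], int(g["og_port"])))
    return rows

def classify(t, inbound_ports, outbound_ports):
    """Label a row by which policy accounts for it.
    inbound:     the server-side (inside local) port is one the inbound ACL permits.
    outbound:    the remote (outside global) port is one the server is known to initiate to.
    unexplained: neither, i.e. the kind of entry the question asks about."""
    if t.il_port in inbound_ports:
        return "inbound"
    if t.og_port in outbound_ports:
        return "outbound"
    return "unexplained"

def triage(text, server, inbound_ports, outbound_ports):
    """Group the rows for `server` by category so the unexplained ones can be reviewed."""
    out = {"inbound": [], "outbound": [], "unexplained": []}
    for t in parse_translations(text):
        if t.il == server:
            out[classify(t, inbound_ports, outbound_ports)].append(t)
    return out
```

Run it with the port sets that actually apply to the router (for example `triage(SAMPLE, "192.168.0.222", {80, 443}, {80, 443})`); rows left in "unexplained" are the ones to chase with a packet capture.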

1 REPLY
Silver

Re: Static NAT, translations I can't explain

Maybe the server is using dynamic ports: it accepts connections on port 80, then it asks the client to connect to it on another port. Some applications like MS Messenger, Skype... use this method.

The router/firewall may allow this traffic if inspection on port 80 is activated.

You may use Wireshark on the client side to see if the client is redirected to another TCP port.
