Advertisement

08.16.2008 at 07:03AM PDT, ID: 23653488 | Points: 500
[x]
Attachment Details

PAT question

Asked by jlazanowski in Cisco PIX Firewall

Tags: , ,

I have an ASA with PAT configured, it's working normally, however I have a specific vendor that doesn't follow the rules.

Right now this is what happens.

Inside client makes a request ASA maps the client to the external address 10.10.10.10/41975 it communicates with the remote internet host so 10.10.10.10/49175 goes to 12.12.12.12/41976 the host then responds to 10.10.10.10/49175 from 12.12.12.12/2663

They always respond on this port.

I only have a single IP address and multiple clients so a static map isn't really an option. Any way to allow port 2663 back in so that the ASA doesn't discard the packet?

P.S. This (for whatever reason worked without an issue on a Pix 501 6.3(5))


Start Free Trial
[+][-]08.16.2008 at 12:09PM PDT, ID: 22244890

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]08.17.2008 at 03:25PM PDT, ID: 22248449

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08.18.2008 at 05:08AM PDT, ID: 22251004

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08.18.2008 at 05:56AM PDT, ID: 22251344

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20081112-EE-VQP-42 / EE_QW_2_20070628