
Does CSS change the source port?

craneman
Level 1

Here is my issue:

No source groups or UDP.

CSS Routed mode, version 7.4

A client on the outside, say 1.1.1.1, sends a packet to the VIP of 2.2.2.2; the source port is 938 and the destination is 938.

The VIP translates it to the 10 network (service) but seems to change the source port to somewhere in the 65512 area. My server then rejects the connection because the application will only accept ports below 1024.

Has anyone seen this?

Thanks, Mike

2 Replies

Gilles Dufour
Cisco Employee

The CSS does not like source ports below 1024.

They are normally reserved and should not be used by clients.

Unfortunately, I don't see how you can prevent the CSS from changing this source port.

Regards,

Gilles.

Thanks. What's interesting, though, is that we do see traffic going through the CSS with a source port below 1024 to a destination port lower than 1024. So it seems that it does actually pass traffic through with ports less than 1024.

However, maybe it decides to change the source port only when the source and destination (i.e. 938 to 938) are the same? That's what seems to be happening. Possibly it interprets this as some kind of attack?
