07-01-2005 02:47 AM
Here is my issue:
No source groups or UDP.
CSS Routed mode, version 7.4
A client on the outside, say 1.1.1.1, sends a packet to the VIP of 2.2.2.2, the source port is 938 and the destination is 938.
The VIP translates it to the 10 network (service) but seems to change the source port to somewhere in the 65512 area. My server then rejects the connection because the application will only accept ports below 1024.
Has anyone seen this?
Thanks, Mike
07-01-2005 09:15 AM
The CSS does not like source ports below 1024.
They are normally reserved and should not be used by clients.
Unfortunately, I don't see how you can prevent the CSS from changing this source port.
Regards,
Gilles.
07-14-2005 09:29 AM
Thanks. What's interesting, though, is that we do see traffic going through the CSS with a source port below 1024 to a destination port lower than 1024. So it seems that it does actually pass traffic through with ports less than 1024.
However, maybe it decides to change the source port only when the "source and destination, i.e. 938 to 938" are the same? That's what seems to be happening. Possibly it interprets this as some kind of attack?