Advanced ASA PAT configuration...

thegner · ‎07-01-2008

I have a unique requirement for my ASA PAT configuration...

By default a Cisco router running IOS will utilize the SAME port when creating a dynamic PAT. i.e. the inside hosts request, generates a dynamic PAT, where the requests source port, is the port which is translated to the inside host from the outside interface.

The ASA ignores the inside hosts source port, and maps the PAT using its own random port above 1024.

I would like to over-ride this default behavior and instruct the ASA to use the same port for PAT that was the inside host's initiated source port.

TIA for any help,

Travis

hadbou · ‎07-07-2008

The document present in the url below will of great help to you in defining the port number manually:

http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htpt4pat.html#wp1049437

a.alekseev · ‎07-07-2008

access-list TCP extended permit ip any any

class-map TCP

match access-list TCP

policy-map global_policy

class inspection_default

class TCP

set connection random-sequence-number disable

srue · ‎07-07-2008

that's just the tcp sequence numbers, not the ports. they are two different things.

what the OP wants I don't believe is possible using the pix/asa.

a.alekseev · ‎07-07-2008

oops... :)) had a hard day today

thegner · ‎07-07-2008

I guess it's not as promising as I thought!

Thanks anyway!

thegner · ‎07-07-2008

This looks promising, but doesn't work because in this particular case the protocol is UDP. I should have mentioned that before...

Are there any commands for UDP?

Thanks!