ASA 5500 NAT problems with SCTP

alfaia.eduardo · ‎10-27-2011

Hi all, could anyone help me in this topic?

Eugene Khabarov · ‎10-27-2011

Hi! Can you describe your problem more verbose?

Maybe forum search will help to answer your question?

https://supportforums.cisco.com/thread/2043754

alfaia.eduardo · ‎10-27-2011

Hi Eugene

We are using Cisco ASA 5500 to do NAT of the an element in our Internal Network, which use SCTP, to another element in an external network(below). I've configured a Static NAT but this not work. My question is, does SCTP work with NAT in Cisco ASA 5500?

Internal Network      |       External Network
                         |
 +---------+             |               /--\/--\            +---------+
 |  SCTP   |          +-----+           /        \           |  SCTP   |
 |end point|==========| NAT |========= | Internet | =========|end point|
 |    A    |          +-----+           \        /           |    B    |
 +---------+             |               \--/\--/            +---------+
                         |

Thanks

Maykol Rojas · ‎10-27-2011

Well, based on the Fact that that you are doing static NAT the only thing that you will need is access list, since it is an IP procotol and the firewall does not pass it by default. You will need to create it both inside and outside.

The firewall is not going to be able to do deep packet inspection nor apply any kind of firewalling to that traffic.

Here is a thread you can follow:

https://supportforums.cisco.com/thread/2043754

Let me know.

Mike