Source/Destination Protocol and Service

g.watt
Level 1

When configuring a new rule using the PDM

Source -- port using TCP ports 1234 (Outside)

Destination -- port TCP using ports 1234 (Inside)

Access is not permitted; the user is trying to connect from the net to a NAT'd IP address. When the service is changed to:

Source port TCP any (Outside)

Destination -- port TCP using ports 1234 (Inside)

This works. I am assuming this is because the service needs to be 'any' due to the NAT. If anyone knows why this is the case, could they please explain?

2 Replies

owillins
Level 6

Policy NAT lets you identify local traffic for address translation by specifying the source and destination addresses (or ports) in an access list. Regular NAT uses source addresses/ports only, whereas policy NAT uses both source and destination addresses/ports. With policy NAT, you can create multiple NAT or static statements that identify the same local address as long as the source/port and destination/port combination is unique for each statement. You can then match different global addresses to each source/port and destination/port pair.

tvanginneken
Level 4

Hi,

Do you really need the source port to be 1234? Most of the time the source port has no real meaning and can be anything (that explains the 'any') between 1024 and 65535. The source port changes with every new connection.

If you really want to use source port 1234, then you could configure static policy NAT. This uses the static command in combination with an access-list. The access-list specifies both the source and destination IP and port.

Kind Regards,

Tom
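As an added illustration of the static policy NAT Tom describes, and of why the inbound rule in the question only works with source port 'any', here is a PIX 6.3-style configuration fragment. It is constructed for this page, not taken from the thread or from Cisco documentation; every address, access-list name and the inside/outside interface pair are assumptions.

```cisco
! Added example (not from the thread). All addresses and names are placeholders.
!
! 1. Access list that identifies the local traffic to translate.
!    Source = the real (inside) address and port of the server,
!    destination = the outside clients it may be reached from.
!    The "eq 1234" here is the inside server's listening port, which is
!    fixed; the client's own source port is ephemeral and cannot be pinned.
access-list POLICY_NAT_1234 permit tcp host 10.1.1.5 eq 1234 203.0.113.0 255.255.255.0
!
! 2. Static policy NAT: 10.1.1.5 appears on the outside as 198.51.100.10
!    only for connections that match the access list above.
static (inside,outside) 198.51.100.10 access-list POLICY_NAT_1234
!
! 3. Inbound rule on the outside interface (PIX 6.3 matches the global,
!    translated address here). Source port is left as "any" because the
!    client picks a random port in 1024-65535 for every new connection;
!    only the destination port is restricted to 1234.
access-list OUTSIDE_IN permit tcp 203.0.113.0 255.255.255.0 host 198.51.100.10 eq 1234
access-group OUTSIDE_IN in interface outside
```

The practical point for the rule in the question: the only port a firewall can safely pin on an inbound connection is the destination port on the server side. A rule that also requires source port 1234 will match only if the client happens to bind to that port, which normal clients do not, so the connection is dropped even though the NAT itself is correct. Restricting the source by address (the 203.0.113.0/24 network above) rather than by port is the usual way to tighten such a rule.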