Static NAT changes source port.

ranga2002
Level 1

Hi team,

 

I have a requirement where I have to allow communication between two devices in two remote networks, going through a NAT device, while keeping the original source and destination ports.

 

Site A --------------- NAT Firewall --------------- The Internet --------------- Site B

S: 10.131.1.2          S: 10.131.5.2                                             D: 10.101.1.2

UDP port 2000          UDP port 10381                                            UDP port 2000

 

Original source IP is source NAT'd to 10.131.5.2. Then it communicates with the destination IP 10.101.1.2.

 

Once we configured a static source NAT, we observed that the NAT device keeps changing the source port (UDP 2000) to a random number (in this case UDP 10381), which violates the customer requirement. However, the destination port remains the same.

 

Is there a way I can keep the source port unchanged as UDP 2000 and the destination port as UDP 2000? 

 

Thanks in advance.

 

 

1 Accepted Solution


Hello,

 

as far as I recall, in JunOS, port randomization is enabled by default. Try and disable that:

 

set security nat source port-randomization disable
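A way to confirm whether the firewall still rewrites the source port after a change like the one suggested above, as an added example that is not part of the original post: it parses `show security flow session` output and reports sessions where the translated source port differs from the original. The session text is constructed for illustration (its layout, policy name and interface names are assumptions modelled on SRX output), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on Junos SRX `show security flow session` output
# (layout is an assumption); addresses and ports are the ones from this thread.
SAMPLE = """\
Session ID: 101, Policy name: site-a-to-site-b/4, Timeout: 58, Valid
  In: 10.131.1.2/2000 --> 10.101.1.2/2000;udp, If: ge-0/0/0.0, Pkts: 12, Bytes: 1008
  Out: 10.101.1.2/2000 --> 10.131.5.2/10381;udp, If: ge-0/0/1.0, Pkts: 9, Bytes: 756
Session ID: 102, Policy name: site-a-to-site-b/4, Timeout: 60, Valid
  In: 10.131.1.2/2000 --> 10.101.1.2/2000;udp, If: ge-0/0/0.0, Pkts: 3, Bytes: 252
  Out: 10.101.1.2/2000 --> 10.131.5.2/2000;udp, If: ge-0/0/1.0, Pkts: 3, Bytes: 252
"""

SESSION = re.compile(r"^Session ID:\s*(\d+)", re.M)
WING = re.compile(
    r"^\s*(In|Out):\s+(\S+)/(\d+)\s+-->\s+(\S+)/(\d+);(\w+)", re.M)

def parse_sessions(text):
    """Yield (session_id, in_wing, out_wing); a wing is (src, sport, dst, dport, proto)."""
    parts = SESSION.split(text)[1:]           # [id, body, id, body, ...]
    for sid, body in zip(parts[0::2], parts[1::2]):
        wings = {m.group(1): (m.group(2), int(m.group(3)), m.group(4),
                              int(m.group(5)), m.group(6))
                 for m in WING.finditer(body)}
        if "In" in wings and "Out" in wings:  # skip incomplete entries
            yield int(sid), wings["In"], wings["Out"]

def port_rewrites(text, proto="udp"):
    """Return sessions whose source port was changed by source NAT.

    The Out wing is the reply direction, so its destination is the
    translated source address and port of the In wing."""
    findings = []
    for sid, (src, sport, _, _, p), (_, _, nat_ip, nat_port, _) in parse_sessions(text):
        if p == proto and nat_port != sport:
            findings.append({"session": sid, "original": f"{src}:{sport}",
                             "translated": f"{nat_ip}:{nat_port}"})
    return findings

if __name__ == "__main__":
    for f in port_rewrites(SAMPLE):
        print(f"session {f['session']}: {f['original']} -> {f['translated']}")
```

An empty result for the UDP 2000 flow means the source port is being preserved end to end.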


5 Replies

Hello,

 

What is the 'NAT device'? Is that an ASA firewall?

It is a Juniper (JunOS) firewall.


Thanks Georg. I will try this out. My gut feeling is this should resolve it.

balaji.bandi
Hall of Fame

Not tried myself - try "no-payload"

Example (change this to UDP as per the requirement):

 

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80 [no-payload]

 

BB
