Static NAT, translations I can't explain

thomas947
Level 1
Level 1

I have noticed some odd NAT entries, and cannot explain them.  The static translation is:

ip nat inside source static 192.168.0.222 111.111.111.111

There is an inbound ACL on the WAN interface that only allows a few standard ports.  Yet I see translations like:

Pro Inside global            Inside local             Outside local              Outside global
tcp 111.111.111.111:42658    192.168.0.222:42658      189.1.169.195:40569        189.1.169.195:40569

If the ACL is checked before NAT, why am I getting random ports from some IP address in Brazil (this router is in the USA and has no business connecting to any other country)? Port 48139 isn't allowed, so how can there be a translation? The only ports that 192.168.0.222 ever initiates a connection to are 80 and 443.

1 Reply 1

ohassairi
Level 5
Level 5

Maybe the server is using dynamic ports: it accepts connections on port 80, then it asks the client to connect to it on another port. Some applications like MS Messenger, Skype... use this method.

The router/firewall may allow this traffic if inspection on port 80 is activated.

You may use Wireshark on the client side to see if the client is redirected to another TCP port.
