06-13-2008 12:48 AM - edited 03-05-2019 11:36 PM
Hi all, we had an issue where two addresses, 100.1.x.x and 100.4.x.x, on our LAN were trying to talk through the firewall, but it was not working. The engineer had to issue a command with
norandomseq nailed for those IPs. What exactly does this do?
06-13-2008 02:03 AM
They are optional parameters for a NAT rule.
norandomseq - Disables TCP ISN randomization protection. Normally a firewall would randomise the ISN of the TCP SYN passing in both the inbound and outbound directions.
nailed - Allows TCP sessions for asymmetrically routed traffic. This option allows inbound traffic to traverse the security appliance without a corresponding outbound connection to establish the state.
06-13-2008 02:37 AM
Why would we use this? Would we not just create a rule allowing the source in from the outside?
06-13-2008 07:00 AM
Well, you need both: a NAT rule to specify which addresses get translated between interfaces, and an access-list rule to allow traffic through.
There will be several reasons why you might need to use these additional options, but without understanding the network and so on it would be hard to say.
If you fancy reading about NAT rule syntax one example Cisco page is here:
http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/s8_711.html#wp1112330
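As an added illustration of the "you need both" point (this is a constructed example, not configuration from the thread or from Cisco), here is how a NAT rule carrying the two keywords and the access-list that actually permits the traffic sit side by side on a PIX/ASA 7.x style configuration. The interface names, access-list names and the placement of `norandomseq` and `nailed` on a `nat 0 access-list` line are assumptions; verify them against the command reference linked above for your software version.

```text
! Constructed example, not from the original thread.
! Identity (no-translation) NAT between the two LAN ranges from the question,
! with the optional keywords the engineer used.
!
! Hosts whose addresses must not be translated in either direction.
access-list NO_NAT extended permit ip 100.1.0.0 255.255.0.0 100.4.0.0 255.255.0.0

! NAT rule: nat 0 with an access-list exempts matching flows from translation.
! norandomseq keeps the original TCP initial sequence numbers (the firewall no
! longer rewrites them); nailed lets packets of asymmetrically routed TCP
! sessions through without a matching outbound state entry.
! Both keywords relax a protection, so keep NO_NAT as narrow as possible.
! (keyword syntax is an assumption; check the linked reference)
nat (inside) 0 access-list NO_NAT norandomseq nailed

! Access rule: NAT alone permits nothing. Inbound traffic still has to be
! allowed by the access-list bound to the interface it arrives on.
! (interface name "outside" and port 443 are assumptions for this example)
access-list OUTSIDE_IN extended permit tcp 100.4.0.0 255.255.0.0 100.1.0.0 255.255.0.0 eq 443
access-group OUTSIDE_IN in interface outside
```

Reading the two halves together shows why the original question could not be answered with an access rule alone: the access-list decides whether a packet is allowed, while the NAT rule decides whether its addresses and, with these keywords, its TCP sequence numbers and state handling are left untouched. When troubleshooting, `show xlate` and `show conn` on the appliance show whether a translation and a connection entry exist for the pair of hosts, which is the quickest way to tell which half is missing.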