firewall command to allow non rfc1918 inside

carl_townshend
Spotlight

Hi all, we had an issue where we had two addresses, 100.1.x.x and 100.4.x.x, on our LAN that were trying to talk through the firewall, but it was not working. The engineer had to issue a command

`norandomseq nailed` for those IPs. What exactly does this do?

3 Replies

jamesl0112
Level 1

They are optional parameters for a NAT rule.

norandomseq - Disables TCP ISN randomization protection. Normally a firewall would randomise the ISN of the TCP SYN passing in both the inbound and outbound directions.

nailed - Allows TCP sessions for asymmetrically routed traffic. This option allows inbound traffic to traverse the security appliance without a corresponding outbound connection to establish the state.

Why would we use this? Would we not just create a rule allowing the source in from the outside?

Well - you need both, a NAT rule to specify which addresses get translated between interfaces, and an access-list rule to allow traffic through.

There will be several reasons why you might need to use these additional options, but without understanding the network and so on it would be hard to say.

If you fancy reading about NAT rule syntax one example Cisco page is here:

http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/s8_711.html#wp1112330
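As an added illustration of the "you need both" point above (this is not configuration from the thread or from Cisco's documentation), here is what an ASA 7.x identity NAT for the two non-RFC1918 ranges could look like alongside the access-list that actually permits the traffic. Interface names, the /16 masks, the placement of 100.4.x.x behind the outside interface and the exact position of the `norandomseq nailed` keywords on the `static` line are assumptions.

```cisco
! Added example, not from the original thread. Assumed layout: 100.1.x.x hosts
! are on "inside", 100.4.x.x hosts are reached via "outside". Identity NAT keeps
! each range's real address when it crosses the firewall.
static (inside,outside) 100.1.0.0 100.1.0.0 netmask 255.255.0.0 norandomseq nailed
static (inside,outside) 100.4.0.0 100.4.0.0 netmask 255.255.0.0 norandomseq nailed
!
! The NAT rule only defines the translation; it permits nothing by itself.
! Traffic arriving on the lower-security interface still needs an access-list.
! Keep this as narrow as the real requirement (hosts/ports), since "nailed"
! already lets inbound TCP through without an outbound SYN having built state.
access-list OUTSIDE_IN extended permit ip 100.4.0.0 255.255.0.0 100.1.0.0 255.255.0.0
access-group OUTSIDE_IN in interface outside
!
! Checks after applying (assumed to be available in this release):
! show xlate   - confirms the identity translations are installed
! show conn    - shows the flows; with "nailed", expect entries created by
!                inbound traffic that never had a matching outbound connection
```

Note the trade-off these two keywords carry: `norandomseq` gives up the firewall's ISN randomization for these flows, and `nailed` relaxes the stateful check that normally drops return traffic with no matching connection, so both should be scoped to exactly the addresses that need them rather than applied to a whole interface.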
