Security Internetworking Experts


Author Topic: Port translation in CBAC
egovraj
Newbie

Member # 30939

posted June 18, 2011 09:43 AM
Hi Cisco Experts,

I am new to this forum and this is my first post.
I am doing dynamic NAT on an IOS firewall with the overload option. When I look at the NAT translations, the source port is not getting translated.

***************************************
FIREWALL#sh ip nat translations
tcp 192.168.70.254:34673 2.2.2.2:34673 150.1.3.3:23 150.1.3.3:23
******************************************

Here is the configuration part:
ip nat pool nat_pool1 192.168.70.254 192.168.70.254 prefix-length 25

access-list 104 permit tcp any any
access-list 104 permit icmp any any

ip nat inside source list 104 pool nat_pool1 overload

Please suggest how to enable the port translation feature on routers.

Posts: 4 | From: India | Registered: Jun 2011  |  IP: Logged
slimak
Specialist

Member # 30837

posted June 18, 2011 10:17 AM
I think that preservation of the source port is OK if the port is not in use yet.

Try to generate two sessions with the same source port and you will see...

If you don't have a tool like hping2, you can also use more NTP clients (they originate all sessions from the same port).

Posts: 51 | From: SK | Registered: May 2011  |  IP: Logged
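
The behaviour described in the reply above, as an added example that is not part of the thread: a simplified Python model of overload (PAT) port selection, where the source port is kept while it is free on the global address and rewritten only on a collision. The PatTable class, the host 2.2.2.3 and the NTP flows are constructed for illustration, and the port-group fallback (0-511, 512-1023, 1024-65535) is an assumption about how the router picks the replacement port.

```python
# Simplified model of PAT (NAT overload) source-port selection.
# Assumption: the inside source port is kept when it is free on the global
# address; on a collision the first free port in the same port group is used.
PORT_GROUPS = [(0, 511), (512, 1023), (1024, 65535)]


class PatTable:
    def __init__(self, global_ip):
        self.global_ip = global_ip
        self.by_flow = {}    # (proto, inside_ip, inside_port) -> global port
        self.in_use = set()  # (proto, global_port) pairs already allocated

    def translate(self, proto, inside_ip, inside_port):
        """Return (inside global ip, inside global port) for an inside flow."""
        key = (proto, inside_ip, inside_port)
        if key not in self.by_flow:
            port = self._pick_port(proto, inside_port)
            self.by_flow[key] = port
            self.in_use.add((proto, port))
        return self.global_ip, self.by_flow[key]

    def _pick_port(self, proto, wanted):
        if (proto, wanted) not in self.in_use:
            return wanted  # port preserved, as in the entry shown in the question
        lo, hi = next(g for g in PORT_GROUPS if g[0] <= wanted <= g[1])
        for cand in range(max(lo, 1), hi + 1):  # skip port 0
            if (proto, cand) not in self.in_use:
                return cand
        raise RuntimeError("no free port left in group %d-%d" % (lo, hi))


def demo():
    pat = PatTable("192.168.70.254")
    flows = [
        ("tcp", "2.2.2.2", 34673),  # the flow shown in the question
        ("tcp", "2.2.2.3", 34673),  # constructed: second host, same source port
        ("udp", "2.2.2.2", 123),    # constructed: NTP client
        ("udp", "2.2.2.3", 123),    # constructed: second NTP client
    ]
    return [(f, pat.translate(*f)) for f in flows]


if __name__ == "__main__":
    for (proto, ip, port), (gip, gport) in demo():
        note = "preserved" if port == gport else "translated"
        print(f"{proto} {ip}:{port} -> {gip}:{gport} ({note})")
```

A single session, as in the question, always shows an unchanged port in this model; the rewrite only appears once a second inside host reuses the same source port.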


All times are Eastern Time  