1-5
Cisco ASA Series CLI Configuration Guide
Chapter 1 Getting Started with Application Layer Protocol Inspection
Default Settings
Instant
Messaging (IM)
Varies by
client
No extended PAT.
No NAT64.
RFC 3860 —
IP Options — No NAT64. RFC 791, RFC
2113
—
IPsec Pass
Through
UDP/500 No PAT.
No NAT64.
——
IPv6 — No NAT64. RFC 2460 —
MGCP UDP/2427,
2727
No extended PAT.
No NAT64.
RFC 2705bis-05 —
MMP TCP 5443 No extended PAT.
No NAT64.
——
NetBIOS Name
Server over IP
UDP/137,
138 (Source
ports)
No extended PAT.
No NAT64.
— NetBIOS is supported by performing
NAT of the packets for NBNS UDP port
137 and NBDS UDP port 138.
PPTP TCP/1723 No NAT64. RFC 2637 —
RADIUS
Accounting
1646 No NAT64. RFC 2865 —
RSH TCP/514 No PAT.
No NAT64.
Berkeley UNIX —
RTSP TCP/554 No extended PAT.
No outside NAT.
No NAT64.
RFC 2326, 2327,
1889
No handling for HTTP cloaking.
ScanSafe (Cloud
Web Security)
TCP/80
TCP/413
— — These ports are not included in the
default-inspection-traffic class for the
ScanSafe inspection.
SIP TCP/5060
UDP/5060
No outside NAT.
No NAT on same security
interfaces.
No extended PAT.
No NAT64.
RFC 2543 —
SKINNY
(SCCP)
TCP/2000 No outside NAT.
No NAT on same security
interfaces.
No extended PAT.
No NAT64.
— Does not handle TFTP uploaded Cisco
IP Phone configurations under certain
circumstances.
SMTP and
ESMTP
TCP/25 No NAT64. RFC 821, 1123 —
Table 1-1 Supported Application Inspection Engines (continued)
Application
1
Default
Port NAT Limitations Standards
2
Comments
To Next Page
Loading...
