Cisco ASA 5506-X Configuration Manual page 136
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Defaults for Application Inspection
Table 6-1
Supported Application Inspection Engines (continued)
Application
Default Port NAT Limitations
RSH
TCP/514
RTSP
TCP/554
ScanSafe (Cloud
TCP/80
Web Security)
TCP/413
SIP
TCP/5060
UDP/5060
SKINNY
TCP/2000
(SCCP)
SMTP and
TCP/25
ESMTP
SNMP
UDP/161,
162
SQL*Net
TCP/1521
Sun RPC over
UDP/111
UDP and TCP
TFTP
UDP/69
Cisco ASA Series Firewall CLI Configuration Guide
6-8
No PAT.
No NAT64.
(Clustering) No static PAT.
No extended PAT.
No NAT64.
(Clustering) No static PAT.
—
No NAT on same security
interfaces.
No extended PAT.
No per-session PAT.
No NAT64 or NAT46.
(Clustering) No static PAT.
No NAT on same security
interfaces.
No extended PAT.
No per-session PAT.
No NAT64, NAT46, or NAT66.
(Clustering) No static PAT.
No NAT64.
No NAT or PAT.
No extended PAT.
No NAT64.
(Clustering) No static PAT.
No extended PAT.
No NAT64.
No NAT64.
(Clustering) No static PAT.
Chapter 6
Getting Started with Application Layer Protocol Inspection
Standards
Comments
Berkeley UNIX
—
RFC 2326, 2327,
No handling for HTTP cloaking.
1889
—
These ports are not included in the
default-inspection-traffic class for the
ScanSafe inspection.
RFC 2543
Does not handle TFTP uploaded Cisco
IP Phone configurations under certain
circumstances.
—
Does not handle TFTP uploaded Cisco
IP Phone configurations under certain
circumstances.
RFC 821, 1123
—
RFC 1155, 1157,
v.2 RFC 1902-1908; v.3 RFC
1212, 1213, 1215
2570-2580.
—
v.1 and v.2.
—
The default rule includes UDP port 111;
if you want to enable Sun RPC
inspection for TCP port 111, you need
to create a new rule that matches TCP
port 111 and performs Sun RPC
inspection.
RFC 1350
Payload IP addresses are not translated.
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
