Cisco Catalyst 6500 Series Configuration Manual page 251

Chapter 13 Configuring Application Protocol Inspection
Table 13-1 Inspection Engine Support (continued)
1
Application Configurable Default Port
ILS (LDAP) Yes
MGCP Yes
NetBIOS No
Name Server
over IP
OraServ No
RealAudio No
RSH Yes
RTSP Yes
SIP TCP Yes
SIP UDP Yes
SKINNY Yes
(SCCP)
SMTP Yes
SQL*Net Yes
Sun RPC No
over UDP
Sun RPC Yes
over TCP
TFTP No
XDMCP No
1. Inspection engines that are enabled by default for the default port are in bold.
2. The FWSM is in compliance with these standards, but it does not enforce compliance on packets being inspected. For example, FTP commands are
supposed to be in a particular order, but the FWSM does not enforce the order.
OL-6392-01
NAT Limitations
TCP/389 No outside NAT. Use the alias
command.
No PAT.
UDP/2427, No NAT or PAT. Use NAT
2727 identity or NAT exemption only.
UDP/137-138 —
UDP/1525 —
UDP/7070 —
TCP/514 No PAT.
TCP/554 No PAT.
No outside NAT. Use the alias
command.
TCP/5060 No outside NAT. Use the alias
command.
No NAT on same security
interfaces.
UDP/5060 No outside NAT. Use the alias
command.
No NAT on same security
interfaces.
TCP/2000 No outside NAT. Use the alias
command.
No NAT on same security
interfaces.
TCP/25 —
TCP/1521 (v1) No policy NAT.
UDP/111 No NAT or PAT. Use NAT
identity or NAT exemption only.
TCP/111 No NAT or PAT. Use NAT
identity or NAT exemption only.
UDP/69 Payload IP address not
translated.
UDP/177 No NAT or PAT. Use NAT
identity or NAT exemption only.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Inspection Engine Overview
Comments Standards
— —
— RFC2705bis-05
— —
—
—
— Berkeley UNIX
No handling for HTTP RFC 2326, RFC
cloaking. 2327, RFC 1889
— RFC 2543
— RFC 2543
Does not handle TFTP —
uploaded Cisco IP
Phone configurations.
— RFC 821, 1123
v1 and v2. —
— —
— —
— RFC 1350
— —
2
13-3