Cisco ASA Series Configuration Manual page 263

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 12
Getting Started with Application Layer Protocol Inspection
Table 12-1 Supported Application Inspection Engines (continued)

| Application | Default Port | NAT Limitations | Standards | Comments |
|---|---|---|---|---|
| H.323 H.225 and RAS | TCP/1720 UDP/1718 UDP (RAS) 1718-1719 | No dynamic NAT or PAT. Static PAT may not work. (Clustering) No static PAT. No extended PAT. No per-session PAT. No NAT on same security interfaces. No NAT64. | ITU-T H.323, H.245, H225.0, Q.931, Q.932 | - |
| HTTP | TCP/80 | - | RFC 2616 | Beware of MTU limitations stripping ActiveX and Java. If the MTU is too small to allow the Java or ActiveX tag to be included in one packet, stripping may not occur. |
| ICMP | - | - | - | ICMP traffic directed to an ASA interface is never inspected. |
| ICMP ERROR | - | - | - | - |
| ILS (LDAP) | TCP/389 | No extended PAT. No NAT64. | - | - |
| Instant Messaging (IM) | Varies by client | No extended PAT. No NAT64. | RFC 3860 | - |
| IP Options | - | No NAT64. | RFC 791, RFC 2113 | - |
| IPsec Pass Through | UDP/500 | No PAT. No NAT64. | - | - |
| IPv6 | - | No NAT64. | RFC 2460 | - |
| MGCP | UDP/2427, 2727 | No extended PAT. No NAT64. (Clustering) No static PAT. | RFC 2705bis-05 | - |
| MMP | TCP 5443 | No extended PAT. No NAT64. | - | - |
| NetBIOS Name Server over IP | UDP/137, 138 (Source ports) | No extended PAT. No NAT64. | - | NetBIOS is supported by performing NAT of the packets for NBNS UDP port 137 and NBDS UDP port 138. |
| PPTP | TCP/1723 | No NAT64. (Clustering) No static PAT. | RFC 2637 | - |
| RADIUS Accounting | 1646 | No NAT64. | RFC 2865 | - |

Cisco ASA Series Firewall CLI Configuration Guide
Defaults for Application Inspection
12-7
