Cisco ASA Series Configuration Manual page 264

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance
Cisco ASA Series Firewall CLI Configuration Guide, page 12-8
Chapter 12: Getting Started with Application Layer Protocol Inspection

Defaults for Application Inspection

Table 12-1 Supported Application Inspection Engines (continued)

| Application | Default Port | NAT Limitations | Standards | Comments |
|---|---|---|---|---|
| RSH | TCP/514 | No PAT. No NAT64. (Clustering) No static PAT. | Berkeley UNIX | |
| RTSP | TCP/554 | No extended PAT. No NAT64. (Clustering) No static PAT. | RFC 2326, 2327, 1889 | No handling for HTTP cloaking. |
| ScanSafe (Cloud Web Security) | TCP/80, TCP/413 | | | These ports are not included in the default-inspection-traffic class for the ScanSafe inspection. |
| SIP | TCP/5060, UDP/5060 | No NAT on same security interfaces. No extended PAT. No per-session PAT. No NAT64 or NAT46. (Clustering) No static PAT. | RFC 2543 | Does not handle TFTP uploaded Cisco IP Phone configurations under certain circumstances. |
| SKINNY (SCCP) | TCP/2000 | No NAT on same security interfaces. No extended PAT. No per-session PAT. No NAT64, NAT46, or NAT66. (Clustering) No static PAT. | | Does not handle TFTP uploaded Cisco IP Phone configurations under certain circumstances. |
| SMTP and ESMTP | TCP/25 | No NAT64. | RFC 821, 1123 | |
| SNMP | UDP/161, 162 | No NAT or PAT. | RFC 1155, 1157, 1212, 1213, 1215 | v.2 RFC 1902-1908; v.3 RFC 2570-2580. |
| SQL*Net | TCP/1521 | No extended PAT. No NAT64. (Clustering) No static PAT. | | v.1 and v.2. |
| Sun RPC over UDP and TCP | UDP/111 | No extended PAT. No NAT64. | | The default rule includes UDP port 111; if you want to enable Sun RPC inspection for TCP port 111, you need to create a new rule that matches TCP port 111 and performs Sun RPC inspection. |
| TFTP | UDP/69 | No NAT64. (Clustering) No static PAT. | RFC 1350 | Payload IP addresses are not translated. |
| WAAS | TCP/1-65535 | No extended PAT. No NAT64. | | |
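
The Sun RPC entry notes that the default rule covers only UDP port 111. The following ASA configuration is an added example, not taken from the Cisco guide: it creates a class that matches TCP port 111 and applies Sun RPC inspection to it. The class-map name sunrpc-tcp-111 is a placeholder, and the example assumes the default global_policy is still applied globally.

```text
! Added example. The class-map name sunrpc-tcp-111 is a placeholder.
! Match Sun RPC traffic on TCP/111, which the default inspection rule
! (UDP/111 only) does not cover.
class-map sunrpc-tcp-111
 match port tcp eq 111
!
! Add the new class to the global policy and inspect it as Sun RPC.
policy-map global_policy
 class sunrpc-tcp-111
  inspect sunrpc
!
! Assumption: global_policy is already applied, as it is on a default
! configuration with the line: service-policy global_policy global
```

Per the table, Sun RPC inspection does not support extended PAT or NAT64, so check the NAT rules for the affected hosts before relying on the new class.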
