Chapter 1
Getting Started with Application Layer Protocol Inspection
Table 1-1 Supported Application Inspection Engines (continued)

| Application¹ | Default Port | NAT Limitations | Standards² | Comments |
|---|---|---|---|---|
| Instant Messaging (IM) | Varies by client | No extended PAT. No NAT64. | RFC 3860 | — |
| IP Options | — | No NAT64. | RFC 791, RFC 2113 | — |
| IPsec Pass Through | UDP/500 | No PAT. No NAT64. | — | — |
| IPv6 | — | No NAT64. | RFC 2460 | — |
| MGCP | UDP/2427, 2727 | No extended PAT. No NAT64. | RFC 2705bis-05 | — |
| MMP | TCP 5443 | No extended PAT. No NAT64. | — | — |
| NetBIOS Name Server over IP | UDP/137, 138 (Source ports) | No extended PAT. No NAT64. | — | NetBIOS is supported by performing NAT of the packets for NBNS UDP port 137 and NBDS UDP port 138. |
| PPTP | TCP/1723 | No NAT64. | RFC 2637 | — |
| RADIUS Accounting | 1646 | No NAT64. | RFC 2865 | — |
| RSH | TCP/514 | No PAT. No NAT64. | Berkeley UNIX | — |
| RTSP | TCP/554 | No extended PAT. No outside NAT. No NAT64. | RFC 2326, 2327, 1889 | No handling for HTTP cloaking. |
| ScanSafe (Cloud Web Security) | TCP/80, TCP/413 | — | — | These ports are not included in the default-inspection-traffic class for the ScanSafe inspection. |
| SIP | TCP/5060, UDP/5060 | No outside NAT. No NAT on same security interfaces. No extended PAT. No NAT64. | RFC 2543 | — |
| SKINNY (SCCP) | TCP/2000 | No outside NAT. No NAT on same security interfaces. No extended PAT. No NAT64. | — | Does not handle TFTP uploaded Cisco IP Phone configurations under certain circumstances. |
| SMTP and ESMTP | TCP/25 | No NAT64. | RFC 821, 1123 | — |
Cisco ASA Series CLI Configuration Guide
Default Settings