[c-nsp] Configure NAT to use a certain port range for source ports
Gary Smith
lists at l33t-d00d.co.uk
Sun Apr 15 09:23:04 EDT 2012
On 15/04/2012 13:59, Jason Lixfeld wrote:
> Hi all,
>
> I have an inside NTP server behind an IOS NAT box that is trying to sync time from an outside NTP server. NAT changes the source port to some low port, but due to a bug in the NTP implementation on the outside NTP server, source ports< 123 are rejected. So - is there a way that I can configure NAT to use a high source port when the destination port is UDP/123?
>
> T
Could you not use Static PAT here? It seems like it'd probably be a
valid way to solve the problem rather than hoping that the NAT won't hit
a port that the NTP server disagrees with.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_staticpat.html
Gary
More information about the cisco-nsp
mailing list