Cisco 7604 Configuration Manual page 421

Chapter 22 Applying Application Layer Protocol Inspection
Table 22-1 Supported Application Inspection Engines (continued)
1
Application Default Port NAT Limitations
ESMTP TCP/25
FTP TCP/21
GTP UDP/3386
(V0)
UDP/2123
(V1)
H.323 TCP/1720
UDP/1718
UDP (RAS)
1718-1719
HTTP TCP/80
ICMP —
ICMP ERROR —
ILS (LDAP) TCP/389
MGCP UDP/2427,
2727
NetBIOS UDP/138
Datagram
Service / UDP
NetBIOS Name UDP/137
Service / UDP
PPTP TCP/1723
RSH TCP/514
RTSP TCP/554
SIP TCP/5060
UDP/5060
SKINNY TCP/2000
(SCCP)
SMTP TCP/25
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
—
—
No NAT or PAT.
No NAT on same security
interfaces.
No static PAT.
—
—
—
No PAT.
—
No NAT
No PAT
—
No PAT
No PAT.
No outside NAT.
No outside NAT.
No NAT on same security
interfaces.
No outside NAT.
No NAT on same security
interfaces.
—
2
Standards Comments
RFC 821, 1123 —
RFC 959 Default FTP inspection does not
enforce compliance with RFC
standards. To do so, configure the
inspect ftp command with the strict
keyword.
— Requires a special license.
ITU-T H.323, By default, both RAS and H.225
H.245, H225.0, inspection are enabled.
Q.931, Q.932
RFC 2616 Beware of MTU limitations stripping
ActiveX and Java. If the MTU is too
small to allow the Java or ActiveX tag to
be included in one packet, stripping
may not occur.
— All ICMP traffic is matched in the
default class map.
— All ICMP traffic is matched in the
default class map.
— —
RFC 2705bis-05 —
— —
— No WINS support.
RFC 2637 —
Berkeley UNIX —
RFC 2326, 2327, No handling for HTTP cloaking.
1889
RFC 3261 —
— Does not handle TFTP uploaded Cisco
IP Phone configurations under certain
circumstances.
RFC 821, 1123 —
Inspection Engine Overview
22-5