User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
Configuring Traffic Flow Objects
Table 56-6 Default Inspection Traffic

| Value | Port | NAT Limitations | Comments |
|---|---|---|---|
| CTIQBE | TCP/2748 | | |
| CuSeeMe | UDP/7648 | | |
| DNS over UDP | UDP/53 | No NAT support for name resolution through WINS. | No PTR records are changed. |
| FTP | TCP/21 | | |
| GTP | UDP/2123, 3386 | | |
| H.323, H.225 | TCP/1720, 1718 | No NAT on same security interfaces. No static PAT. | |
| RAS | UDP/1718, 1719 | No NAT on same security interfaces. No static PAT. | |
| HTTP | TCP/80 | | |
| ICMP | — | | All ICMP traffic is matched in the default class map. |
| ILS (LDAP) | TCP/389 | No PAT. | |
| IP Options | — | | All IP Options traffic is matched in the default class map. |
| MGCP | UDP/2427, 2727 | | |
| NETBIOS Name Server | UDP/137, 138 (Source ports) | | NetBIOS is supported by performing NAT of the packets for NBNS UDP port 137 and NBDS UDP port 138. |
| RSH | TCP/514 | No PAT. | |
| RTSP | TCP/554 | No PAT. No outside NAT. | No handling for HTTP cloaking. |
| SIP | TCP/5060; UDP/5060 | No outside NAT. No NAT on same security interfaces. | |
| Skinny Client Control Protocol (SCCP) | TCP/2000 | No outside NAT. No NAT on same security interfaces. | |
| SMTP and ESMTP | TCP/25 | | |
| SQL*Net | TCP/1521 | | Versions 1 and 2. |
| Sun RPC over UDP | UDP/111 | No NAT or PAT. | The default rule includes UDP port 111; if you want to enable Sun RPC inspection for TCP port 111, you need to create a new rule that matches TCP port 111 and performs Sun RPC inspection. |
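The Sun RPC comment above describes adding a rule for TCP port 111. As an added example (not from this guide, which configures this through the Security Manager GUI), this is the equivalent ASA CLI that such a service policy rule deploys; the class-map name `sunrpc-tcp` is an assumed placeholder, and `global_policy` is assumed to be the existing global service policy on the device.

```text
! Added example: Sun RPC inspection for TCP/111, in addition to the
! default UDP/111 rule in the default inspection class.
! "sunrpc-tcp" is a placeholder class-map name (assumption).
class-map sunrpc-tcp
 match port tcp eq 111
!
! "global_policy" assumed to be the device's existing global policy map.
policy-map global_policy
 class sunrpc-tcp
  inspect sunrpc
!
service-policy global_policy global
```

Verify the result with `show service-policy inspect sunrpc`, which should list the new class alongside the default inspection class.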