Installation guide

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 12 Configuring Traffic Policies
Class Map and Policy Map Overview
Table 12-2 Application Inspection Support (continued)

| Application Protocol | Transport Protocol | Port | NAT/PAT Support | Enabled by Default | Standards¹ | Comments/Limitations |
|---|---|---|---|---|---|---|
| ICMP error | ICMP | Src—N/A, Dest—N/A | NAT | No | | The ICMP Error field supports NAT of ICMP error messages. When you enable ICMP error inspection, the ACE appliance creates translation sessions for intermediate hops that send ICMP error messages, based on the NAT configuration. The ACE appliance overwrites the packet with the translated IP addresses. |
| ILS | TCP | Src—Any, Dest—389 | NAT | No | RFC 2251 (LDAPv3). Includes support for RFC 1777 (LDAPv2) | Referral requests and responses are not supported. Users in multiple directories are not unified. Single users having multiple identities in multiple directories cannot be recognized by NAT. |
| RTSP | TCP | Src—Any, Dest—554 | NAT | No | RFC 2326, RFC 2327, RFC 1889 | Inspects RTSP packets and translates the payload according to NAT rules. The ACE opens up the secondary channels for audio and video. Not all the RTSP methods (packet types) specified in the RFC are supported. |
| SCCP | TCP | Src—Any, Dest—2000 | NAT | No | | The ACE does not support PAT with SCCP. |
| SIP | TCP and UDP | Src—Any, Dest—5060 | NAT | No | RFC 2543, RFC 3261, RFC 3265, RFC 3428 | The ACE does not support PAT with SIP. |

1. The ACE is in compliance with these standards, but it does not enforce compliance on packets being inspected. For example, FTP commands are supposed to be in a particular order, but the ACE does not enforce the order.

For background information about application protocol inspection as performed by the ACE appliance, see the Security Guide, Cisco ACE Application Control Engine.