Chapter 3
Configuring Application Protocol Inspection
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide (OL-16202-01)
Application Protocol Inspection Overview

Table 3-1 Application Inspection Support (continued)

| Application Protocol | Transport Protocol | Port | NAT/PAT Support | Enabled by Default¹ | Standards | Comments/Limitations |
|---|---|---|---|---|---|---|
| ICMP error | ICMP | Src—N/A; Dest—N/A | NAT | No | — | The error keyword supports NAT of ICMP error messages. When you enable ICMP error inspection, the ACE creates translation sessions for intermediate hops that send ICMP error messages, based on the NAT configuration. The ACE overwrites the packet with the translated IP addresses. See the "ICMP Inspection" section for more information. |
| ILS | TCP | Src—Any; Dest—389 | NAT | No | RFC 2251 (LDAPv3). Includes support for RFC 1777 (LDAPv2). | Referral requests and responses are not supported. Users in multiple directories are not unified. Single users having multiple identities in multiple directories cannot be recognized by NAT. |