PAM establishes a table of default port-to-application mapping information at the firewall.
How PAM Works
PAM generates a table of information that identifies specific applications with specific TCP or UDP port information. When the firewall router first starts up, the PAM table is populated with system-defined mapping information. As you customize the mapping information, the PAM table is modified with the new information. The information in the PAM table serves as the default port mapping for traffic passing through the firewall.
The port mapping information in the PAM table is one of three types:
· System defined
· User defined
· Host specific
System-Defined Port Mapping
Initially, PAM creates a set of system-defined entries in the mapping table using well-known or registered port mapping information set up during the system startup. The Cisco IOS Firewall CBAC feature requires the system-defined mapping information to function properly. The system-defined mapping information can’t be deleted or changed. It isn’t possible to assign an application to an existing system-defined mapping, such as attempting to map HTTP services to port 25 (SMTP). The following table shows the well-known or registered port mapping information.
Application Name | Registered Port Number | Protocol Description
cuseeme | 7648 | CU-SeeMe Protocol
exec | 512 | Remote process execution
ftp | 21 | File Transfer Protocol (control port)
http | 80 | Hypertext Transfer Protocol
h323 | 1720 | H.323 Protocol (such as MS NetMeeting and Intel Video Phone)
login | 513 | Remote login
msrpc | 135 | Microsoft Remote Procedure Call
netshow | 1755 | Microsoft NetShow
real-audio-video | 7070 | RealAudio and RealVideo
smtp | 25 | Simple Mail Transfer Protocol
sql-net | 1521 | SQL-NET
streamworks | 1558 | StreamWorks Protocol
sunrpc | 111 | SUN Remote Procedure Call
tftp | 69 | Trivial File Transfer Protocol
vdolive | 7000 | VDOLive Protocol
User-Defined Port Mapping
Network applications that use nonstandard ports require user-defined entries in the mapping table. Use the Global Configuration Mode command ip port-map to create user-defined port-to-application mapping entries. Use the no form of the command to delete user-defined PAM entries. The command can't be used to change system-defined port mappings.
The syntax is
Rtr1(config)#ip port-map appl-name port port-num [list acl#]
Rtr1(config)#no ip port-map appl-name port port-num [list acl#]
appl-name | The name of the application to which the port is mapped
port | Keyword indicating that a port number follows
port-num | Port number (1 to 65535)
list | Keyword indicating that the port mapping applies only to a specific host or subnet
acl# | Standard ACL number used to identify the host(s) or subnet(s)
This command was introduced in IOS 12.0(5)T. It has no default values.
This example shows PAM entries that define a range of nonstandard ports for HTTP services.
Rtr1(config)#ip port-map http port 8000
Rtr1(config)#ip port-map http port 8001
Rtr1(config)#ip port-map http port 8002
Host-Specific Port Mapping
User-defined entries in the mapping table can include host-specific mapping, which establishes port mapping information for specific hosts or subnets. In some situations, it might be necessary to override the default port mapping information for a specific host or subnet, including system-defined default port mapping information. Use the list option of the ip port-map command to specify an ACL that identifies the host or subnet to which the PAM entry applies.
In this example, a specific host uses port 8000 for FTP services. ACL 1 identifies the server address (192.168.0.100), and the ip port-map command maps port 8000 to FTP services for that host only:
Rtr1(config)#access-list 1 permit 192.168.0.100
Rtr1(config)#ip port-map ftp port 8000 list 1
In the next example, the same port number is required by different services running on different hosts. Port 8000 is required for FTP services by host 192.168.0.100, while port 8000 is required for HTTP services by host 192.168.0.175. ACL 1 and ACL 2 identify the specific hosts, while PAM maps the port to the correct service for each ACL.
Rtr1(config)#access-list 1 permit 192.168.0.100
Rtr1(config)#access-list 2 permit 192.168.0.175
Rtr1(config)#ip port-map ftp port 8000 list 1
Rtr1(config)#ip port-map http port 8000 list 2
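The following Python model is an added example, not Cisco code. It reproduces the three entry classes described above (system-defined, user-defined, host-specific), the restrictions the text states (system-defined entries can't be changed or deleted, and a global ip port-map can't reassign a system-defined port such as 25), and the lookup order the host-specific section implies: an entry whose ACL permits the peer address wins over the global default for that port. The class and method names (PamTable, port_map, lookup, show) are this example's own; the IOS commands in the comments are the ones on the page, and the address/wildcard matching is the standard-ACL rule assumed here.

```python
"""Model of the Cisco IOS Firewall PAM table described on this page.

Added example (not Cisco's implementation): system-defined, user-defined
and host-specific entries, the rejections the page describes, and the
lookup precedence host-specific -> global default.
"""
import ipaddress

# System-defined entries taken from the page's well-known/registered port table.
SYSTEM_DEFINED = {
    7648: "cuseeme", 512: "exec", 21: "ftp", 80: "http", 1720: "h323",
    513: "login", 135: "msrpc", 1755: "netshow", 7070: "real-audio-video",
    25: "smtp", 1521: "sql-net", 1558: "streamworks", 111: "sunrpc",
    69: "tftp", 7000: "vdolive",
}


class PamError(ValueError):
    """Raised for the configurations the page says IOS refuses."""


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


class PamTable:
    def __init__(self):
        # Global (default) mapping, port -> application, seeded at "startup".
        self.default = dict(SYSTEM_DEFINED)
        # Host-specific entries in configuration order: (acl, port, application).
        self.host_specific = []
        # Standard ACLs: acl number -> list of (address, wildcard) permit entries.
        self.acls = {}

    def access_list(self, acl, address, wildcard="0.0.0.0"):
        """access-list <acl> permit <address> [<wildcard>]  (standard ACL, permit only)"""
        self.acls.setdefault(acl, []).append((_ip(address), _ip(wildcard)))

    def _acl_permits(self, acl, host):
        # Cisco wildcard semantics: bits set in the wildcard are "don't care".
        h = _ip(host)
        return any((h & ~wc) == (addr & ~wc) for addr, wc in self.acls.get(acl, []))

    def port_map(self, app, port, acl=None):
        """ip port-map <app> port <port> [list <acl>]"""
        if not 1 <= port <= 65535:
            raise PamError("port number must be 1 to 65535")
        if acl is not None:
            # Host-specific entries may override any default, system-defined included.
            self.host_specific.append((acl, port, app))
        elif port in SYSTEM_DEFINED:
            # e.g. 'ip port-map http port 25' is refused: 25 is system defined as smtp.
            raise PamError(f"port {port} is system defined as {SYSTEM_DEFINED[port]}")
        else:
            self.default[port] = app

    def no_port_map(self, app, port, acl=None):
        """no ip port-map <app> port <port> [list <acl>]: only user-defined entries go."""
        if acl is not None:
            self.host_specific = [e for e in self.host_specific if e != (acl, port, app)]
        elif port in SYSTEM_DEFINED:
            raise PamError(f"port {port} is system defined and cannot be deleted")
        else:
            self.default.pop(port, None)

    def lookup(self, port, host):
        """Application for traffic to <port> on <host>, and which entry class decided it."""
        for acl, p, app in self.host_specific:
            if p == port and self._acl_permits(acl, host):
                return app, "host specific"
        if port in self.default:
            kind = "system defined" if port in SYSTEM_DEFINED else "user defined"
            return self.default[port], kind
        return None

    def show(self, app=None, port=None):
        """show ip port-map [<app> | port <port>], in the output format shown on the page."""
        lines = []
        for p, a in sorted(self.default.items()):
            if app in (None, a) and port in (None, p):
                kind = "system defined" if p in SYSTEM_DEFINED else "user defined"
                lines.append(f"Default mapping: {a} port {p} {kind}")
        for acl, p, a in self.host_specific:
            if app in (None, a) and port in (None, p):
                lines.append(f"Host specific: {a} port {p} in list {acl} user defined")
        return lines


def page_example():
    """The host-specific example from the page, plus one global user-defined entry."""
    pam = PamTable()
    pam.access_list(1, "192.168.0.100")      # access-list 1 permit 192.168.0.100
    pam.access_list(2, "192.168.0.175")      # access-list 2 permit 192.168.0.175
    pam.port_map("ftp", 8000, acl=1)         # ip port-map ftp port 8000 list 1
    pam.port_map("http", 8000, acl=2)        # ip port-map http port 8000 list 2
    pam.port_map("http", 8001)               # ip port-map http port 8001
    return pam


if __name__ == "__main__":
    pam = page_example()
    for host in ("192.168.0.100", "192.168.0.175", "192.168.0.9"):
        print(host, 8000, pam.lookup(8000, host))
    print("\n".join(pam.show("ftp")))
```

Running the script shows why the two hosts in the example can share port 8000 without conflict: the host-specific entry selected by the ACL decides the application before the global table is consulted, and a third host with no matching ACL gets no mapping for port 8000 at all. The same model also shows the page's restriction in action: port_map("http", 25) raises, because port 25 is system defined as smtp.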
Use the Privileged EXEC Mode command show ip port-map to display the Port to Application Mapping (PAM) information. This command displays the port mapping information at the firewall, including the system-defined and user-defined information. Include the application name to display only the entries for that application. Include the port number to display only the entries for that port.
The syntax is
Rtr1#show ip port-map [appl-name | port port-num]
This command was introduced in IOS 12.0(5)T.
The following example shows the port mapping information for FTP services:
Rtr1#show ip port-map ftp
Default mapping: ftp port 21 system defined
Host specific: ftp port 1250 in list 1 user defined
For more information, see the links below:
http://www.wr-mem.com/?p=86
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c8.html