JTAPI + UDP = ICMP Port Unreachable

Similar Messages

• ICMP Port Unreachable

  Can someone clarify what the exception java.net.PortUnreachableException: ICMP Port Unreachable indicates (aside from the obvious)? Here is the scenario: using UDP I have a client application, a gateway application, and a server application. The client sends to the server through the gateway and vice versa. I have created 2 sockets, one between the client and the gateway and one between the gateway and the server. When I try to send from the gateway to the client the packet never makes it to the client (server side is fine). When I call sock.getLocalSocketAddress and sock.getRemoteSocketAddress both are 0.0.0.0 (the latter at least has the right port number). The gateway acts as a server for the client and as a client to the server. I tried to fix this using sock.connect on the gateway side for the client facing socket but this eventually generates the ICMP port unreachable exception on the gateway side when receiving from the client.
  Thank you in advance.

  It means there is no UDP connectivity between whatever host gets the exception and whatever host that socket is connected to. Typically a firewall problem.
  The addresses of 0.0.0.0 just mean that the socket is bound to all interfaces, it's not a problem.

• Ping return a lot of "ICMP Port Unreachable from gateway"

  hi all,
  continues getting many "ICMP Port unreachable" messages while i ping a host that is within same subnet. both servers are running solaris 10 U6. is there any wrong configuration of IPMP ?
  PING rac-dbs-a2: 1024 data bytes
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=0. time=0.830 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=1. time=0.608 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=2. time=0.547 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=3. time=0.611 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=4. time=0.543 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=5. time=0.616 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=6. time=0.663 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=7. time=0.596 ms
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=8. time=0.672 ms ICMP Port Unreachable from gateway rac-dbs-a2 (10.1.3.27) for udp from rac-dbs-c2 (10.1.3.36) to rac-dbs-a2 (10.1.3.27) port
  37833
  1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=9. time=0.582 ms
  ----rac-dbs-a2 PING Statistics----
  10 packets transmitted, 10 packets received, 0% packet loss round-trip (ms) min/avg/max/stddev = 0.543/0.6268/0.830/0.0828
  ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu
  8232 index 1
  inet 127.0.0.1 netmask ff000000
  bge0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
  inet 192.168.1.27 netmask ffffff00 broadcast 192.168.1.255
  groupname internal-multipath
  bge0:1:
  flags=201040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,CoS> mtu 1500 index 2
  inet 192.168.1.37 netmask ffffff00 broadcast 192.168.1.255
  bge1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
  inet 172.22.100.27 netmask ffffff00 broadcast 172.22.100.255
  groupname smtm-multipath
  bge2: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
  inet 10.1.4.27 netmask ffffff00 broadcast 10.1.4.255
  groupname crf-multipath
  bge2:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
  inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
  bge3: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 5
  inet 10.1.3.27 netmask ffffff00 broadcast 10.1.3.255
  groupname rac-multipath
  bge3:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 5
  inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
  ce0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 6
  inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
  groupname internal-multipath
  ce1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 7
  inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
  groupname smtm-multipath
  ce2:
  flags=249000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,INACTIVE,CoS
  mtu 0 index 8inet 0.0.0.0 netmask 0
  groupname crf-multipath
  ce3:
  flags=249000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,INACTIVE,CoS
  mtu 0 index 9inet 0.0.0.0 netmask 0
  groupname rac-multipath
  Edited by: hello78 on May 11, 2009 9:02 PM

  This isn't a Java question. Try the Solaris forum.

• Can PIX 506e return port unreachable

  Hello
  Can PIX 506e return ICMP port unreachable on Linux traceroute with UDP data gram, and if somebody knows how, can you make an example of the access-list how it should be written to allow this response?

  PIX won't return an ICMP port unreachable message and access lists cannot be configured to make PIX to respond a port unreachable.

• SIP/JSR180: Register Response lost as host throw ICMP message: Port Unreach

  Hi All,
  I am trying to create a VoIP application using JSR 180 for mobile device using Java Wireless toolkit.
  My VoIP application is trying to register an IMS core network.
  I am using J2ME emulator to develop/test the application.
  My application is correctly sending REGISTER request to IMS core and wireshark shows that IMS core sends correct 200 OK for REGISTER request.
  My application is sending the REGISTER request from a dynamically selected port (eg. 3456) to 5060 to my proxy and the response 200 OK is coming to the same port, but my host system throws ICMP message quoting "Port Unreachable".
  I guess, the UDP port (3654), is closed as soon as the REGISTER request is sent to network from J2ME enviroment.
  Is there any need for some special setting/configuration so that the port is not closed.
  Please help.
  Regards,
  Shiv

  Sorry I have the lines:
  sipConnection.initRequest("REGISTER", sipNotifier);
  and not
  sipConnection.initRequest("REGISTER", null);
  in my code....the code in the previous post has that error but also with sipNotifier it doesn't work due the same problem.

• Udp client: destination port unreachable question

  Hello,
  I used "trivial" UDPClient / Server example to send datagrams from one local interface (eth1) on my Linux box to Datagram server on yhe host not included into local routing table and I tried to capture outgoing udp traffic on interface eth1. I've got IOException
  "ICMP: destination unreachable" and I only could capture outgoing
  packets on loopback interface ( with Ethereal). Can someone help to
  resolve my confusion: I thought UDP is "connectionless", e.g. will be
  sent regardless. What does ICMP have to do with it and why does this
  traffic appear on loopback interface?
  Thank you,

  If you are using a specific destination it still has to route.

• PXE DHCP ICMP:Destination Unreachable Message

  Hi
  I have a question regarding PXE and DHCP. Is it possible to ping a machine, which is in PXE boot with a DHCP address and able to access my SCCM server? Unfortunately i cannot ping the machine and in network traffic i see:
  12913 17:00:17 01.04.2015 759.8323064  SRV-SCCMDP-501 <00> 172.16.10.66 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:228}
  No firewall between the machines and is the same subnet.
  Thank you in Advance

  Hi Torsten
  Thank you for your reply. I'm in hardware pxe, so no firewall is active.
  Here is the network traffic:
  1525597 11:55:38 02.04.2015 68880.5266514  172.16.10.25 SRV-SCCMDP-501   TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0  {UDP:1483, IPv4:1477}
  1525598 11:55:38 02.04.2015 68880.5266948  SRV-SCCMDP-501   172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
  1525701 11:55:44 02.04.2015 68886.5143787  172.16.10.25 SRV-SCCMDP-501   TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0  {UDP:1488, IPv4:1477}
  1525702 11:55:44 02.04.2015 68886.5144115  SRV-SCCMDP-501   172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
  I'm lost....

• Can ACE 4710 send ICMP-dest-unreachable?

  Dear Community!
  We have previously configured an ACE context for implementing redundant corporate DNS service and now testing a transparent ACE context and HA configuration.One virtual-IP is configured for UDP/53, listening for DNS requests. Behind the VIP, there are 3 DNS server. The next step of our testing process, we have shut down all real-server instance behind the virtual-IP while inspecting DNS clients behaviour. Besides the DNS clients requesting the virtual-IP DNS service need ICMP-destination-unreachable packet to switchover the secondary DNS server.
  Can ACE 4710 send ICMP-dest-unreachable?
  Thanks in advance!
  Regards,
  Belabacsi
  from Hungary

  Unfortunately the 4710 does not send icmp unreachable when a vserver is down.
  If you have backup dns service, you can configure it on ace itself.
  Gilles.

• New Install - ICMP Host Unreachable from gateway

  Hi team,
  I'm configuring a new solaris x86 box for the first time in a long time and I'm running into a problem that has me stumped.
  I just installed Solaris 10 v7 on a P4 Dell box with an intel pro1000 adapter loaded.
  Installed using ZFS and install went well. I set a static IP of 192.168.1.70 on a proper 192.168.1.x lan.
  After install, everything seems to work fine but cannot ping a FQDN such as www.google.com, etc.
  at first, I tried to join a local domain - maxximgroup.com and my computer name is set to sunzilla.
  Here's my network config files;
  sunzilla is set up with static IP = 192.168.1.70
  # ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 192.168.1.70 netmask ffffff00 broadcast 192.168.1.255
  ether 0:1b:21:27:56:2c
  lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
  inet6 ::1/128
  e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
  inet6 fe80::21b:21ff:fe27:562c/10
  ether 0:1b:21:27:56:2c
  And /etc/hosts shows host name sunzilla associated w/ 192.168.1.70...
  # cat /etc/hosts
  # Internet host table
  ::1 localhost
  127.0.0.1 localhost
  192.168.1.70 sunzilla loghost
  And my resolv.conf file shows my internal DNS routers as well as a 3rd I added (4.2.2.2) just in case...
  # cat /etc/resolv.conf
  domain maxximgroup.com
  nameserver 192.168.1.20
  nameserver 192.168.1.22
  nameserver 4.2.2.2
  search maxximgroup.com
  I noticed the /etc/defaultrouter file was MISSING... so I created one pointing to my router...
  # cat /etc/defaultrouter
  192.168.1.1
  And finally, I checked the /etc/nsswitch.conf file and it does indeed show hosts & ipnodes --> files & dns ...
  # cat /etc/nsswitch.conf
  # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # /etc/nsswitch.dns:
  # An example file that could be copied over to /etc/nsswitch.conf; it uses
  # DNS for hosts lookups, otherwise it does not use any other naming service.
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
  # DNS service expects that an instance of svc:/network/dns/client be
  # enabled and online.
  passwd: files
  group: files
  # You must also set up the /etc/resolv.conf file for DNS name
  # server lookup. See resolv.conf(4).
  hosts: files dns
  # Note that IPv4 addresses are searched for in all of the ipnodes databases
  # before searching the hosts databases.
  ipnodes: files dns
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: files
  bootparams: files
  publickey: files
  # At present there isn't a 'files' backend for netgroup; the system will
  # figure it out pretty quickly, and won't use netgroups at all.
  netgroup: files
  automount: files
  aliases: files
  services: files
  printers: user files
  auth_attr: files
  prof_attr: files
  project: files
  tnrhtp: files
  tnrhdb: files
  I can ping local IP addresses ...
  # ping 192.168.1.1
  192.168.1.1 is alive
  But not external addresses ...
  # ping 67.15.211.8
  ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
  for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
  ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
  for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
  ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
  for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
  ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
  for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
  ^C#
  and naturally, I can ping a FQDN either (confirmed to be pingable on a computer on the same lan) ...
  # ping mycloud.local
  ping: unknown host mycloud.local
  Can anyone provide some guidance pls?

  Thanks Robert. You were absolutely on the right track. It turns out that in my "rush" to get my new ZFS "toy" up and running, during the install, I gave Solaris a static address but told it to automatically find the gateway. Oops! When solaris 10 installed, it correctly decided that since it had a static IP, it should assign the gateway as itself! So, naturally, when I ran netstat -m, It showed my gateway as myself! 192.168.1.70 sunzilla.
  I'm used to running Solaris on a Sparc platform and I'm a bit uncomfortable with reboots and I figured there would surely be a network restart command somewhere. After finding out that things have now changed in Solaris 10 quite a bit from Solaris 8, I just decided to init 6.
  After the system came up, everything was happy : -)
  So again, thanks to Robert for helping save the day!

• Is it dangerous if I expose UDP 1434 port of SQL 2008R2 server in Azure VM to the Internet ?

  I am setting up client/server Application running on SQL2008 server on Azure VM.
  Is it dangerous if I  expose UDP 1434 port of SQL 2008R2 server in Azure VM  to the Internet ?

  I do not get your answer exactly , but you mean "That is a much bigger issue from a security perspective." this is dangerous to expose SQL server connection port to the Internet ?
  Application uses named SQL instance , so it needs UDP 1434 port to connect to SQL server.
  Exposing any server to a network is dangerous.  Exposing a server to the public internet is more risky than connecting to a private network.  You cannot eliminate risk but it can be mitigated.
  An inherent risk with exposing the SQL Server port is that any client with network connectivity can then try to compromise security, commonly with a dictionary attack.  A malicious user can then gain access to the database limited only by
  the compromised account security context.
  There are several steps you can take to mitigate this risk.  To name a few, allow only trusted IP addresses through the firewall.  Run only those services actually needed.  Expose only those ports needed.  Rename the sa login. 
  Assign strong passwords to all accounts.  Keep all software up-to-date with security patches.  Use a service layer to access database services instead of directly from front-end clients.
  In your case, you can hard-code the named instance port in connection strings instead of using the SQL Browser service.  Your connection strings do not need to specify the instance name with this technique and UDP 1434 is not needed for connectivity. 
  Dan Guzman, SQL Server MVP, http://www.dbdelta.com

• ICMP Host Unreachable from gateway localhost (127.0.0.1)

  I had a functional zone. But we had an outage and for some reason one of my zones is unreachable. Looks like the problem is that the default route has changed. How can I add a default route to a zone?
  Thanks
  Manish
  --- global zone ---
  -bash-3.00# zoneadm list -iv
  ID NAME STATUS PATH BRAND IP
  0 global running / native shared
  2 www running /export/zones/www native shared
  4 java running /export/zones/java native shared
  --- zone java ---
  -bash-3.00# ping 131.247.16.130
  ICMP Host Unreachable from gateway localhost (127.0.0.1)
  for icmp from localhost (127.0.0.1) to 131.247.16.130
  ICMP Host Unreachable from gateway localhost (127.0.0.1)
  for icmp from localhost (127.0.0.1) to 131.247.16.130
  ICMP Host Unreachable from gateway localhost (127.0.0.1)
  for icmp from localhost (127.0.0.1) to 131.247.16.130
  -bash-3.00# ifconfig -a
  lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  bge0:3: flags=4001000842<BROADCAST,RUNNING,MULTICAST,IPv4,DUPLICATE> mtu 1500 index 2
  inet 131.247.16.149 netmask ffffff80 broadcast 131.247.16.255
  -bash-3.00# netstat -rn
  Routing Table: IPv4
  Destination Gateway Flags Ref Use Interface
  127.0.0.1 127.0.0.1 UH 4 61 lo0:1
  -bash-3.00# route add default 131.247.16.254
  add net default: gateway 131.247.16.254: insufficient privileges
  --- zone www ---
  -bash-3.00# netstat -rn
  Routing Table: IPv4
  Destination Gateway Flags Ref Use Interface
  default 131.247.16.254 UG 1 47
  131.247.16.128 131.247.16.131 U 1 13 bge0:2
  224.0.0.0 131.247.16.131 U 1 0 bge0:2
  127.0.0.1 127.0.0.1 UH 4 108 lo0:2

  ifconfig -a will show when you have a duplicated IP address.
  It appears along with the text values for the interface flags ie
  host-u010|global$ ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
  1
  inet 127.0.0.1 netmask ff000000
  bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> m
  tu 1500 index 2
  inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
  groupname data
  host-u010|global$
  You would see DUPLICATE or DUPLICATED in that field, and the flags would be different. Sorry, I don't have a duplicate IP situation going on right now, but my memory says it looked something like this:
  host-u010|global$ ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
  1
  inet 127.0.0.1 netmask ff000000
  bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,DUPLICATE> m
  tu 1500 index 2
  inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
  groupname data
  host-u010|global$
  Cheers,

• Incoming RTP traffic blocked by SPA112 ATA: UDP port unreachable

  Hi folks,
  I'm using a Cisco SPA112 ATA behind a NAT, where port 5060,5061 and 16384-16482 are forwarded. Registration to the SIP proxy also works fine. However, I'm struggling with audio issues, meaning that the RTP session is not setup properly.
  When investigating this issue at the packet-level, I found that the ATA itself is blocking traffic:
  21:00:21.857655 IP 192.168.x.y > 82.197.a.b: ICMP 192.168.x.y udp port 16452 unreachable, length 208
  The blocked port number depends per session, but is always between 16384 and 16482.
  Actually, the issue sounds very much like in [1]. However, the proposed solution (disabling CDP) is not of any help to me, since it's disabled on my ATA by default. Any clue what could be the reason for this behaviour? Your help is greatly appreciated.
  [1] https://supportforums.cisco.com/discussion/11470321/spa-962-intermittently-no-audio-rtp-port-closedunreachable

  Hi,
  You can try this packet Tracer:-
  packet input outside udp <External Source Ip on the internet>  45657 <Outside interface IP> 43139 det
  For the captures , you just need to verify that the ASA device is passing the traffic through as this is UDP traffic , we would not be able to find much.
  For more information on captures:-
  https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios
  Let me know if you have any further queries.
  Thanks and Regards,
  Vibhor Amrodia

• Airplay disconnection: port unreachable

  Hi,
  I use my mac (on maverick) with an airplay speaker and I have a disconnection problem.
  Sometime, the music is cut without specific reason. So I do some tests and I found some trails but I don't know how to resolve this.
  If I play a mp3 320kb/s, it cut more often than a 128kb/s (it happens with 128kb/s notwithstanding).
  So, the size of the music seems to play in my problem.
  I run a tcpdump to see what happens when the music cut.
  Here is when the music plays: 10.0.0.1 is my host. 10.0.0.3 is the speaker.
  18:34:22.197963 IP 10.0.0.11.54966 > 10.0.0.3.opennl: UDP, length 1018
  And when the music cuts:
  18:34:54.294150 IP 10.0.0.11 > 10.0.0.3: ICMP 10.0.0.11 udp port 6002 unreachable, length 36
  So, it seems the speaker is unreachable.
  My question is why ? I don't understand why the speaker becomes unreachable sometime, never on the same times.
  Thanks for your help.

  AirPlay - What does this feature do with Airport Express?  Can I send my presentation to Windows and Mac notebooks of the audiances provided they all use the wifi network of Airport Express?
  AirPlay is a means to stream audio and video from an iTunes source to an AirPlay-enabled speaker: AirPort Express Base Station (AX), Apple TV, or another vendor's AirPlay-enabled device. Check out the following Apple Support article for details.
  USB port - It memtions for printer only.  How can a USB port for printer only?  I prefer using it with my portable hard disk in more practical conditions.  Is it because it cannot provide sufficient power to run the hard disk.  In this case, can I use a power adapter of hard disk and connect the hard disk for accessing the data only.
  The issue is not related to power. It is because Apple did not include a file server function with the AirPort Express, like it does with the 802.11n AirPort Extreme or Time Capsule. There is NO option to connect a USB HDD to the Express' USB port for sharing it out to network clients.
  On the other hand, if you have an actual NAS device, it can be connected to the Express' LAN port and it can then be accessible from network clients.

• ASA PAT UDP source port

  Is there a way to preserve the source port for UDP packets that use a PAT pool?
  Here is what I need:
  The client (1.1.1.1) sends a UDP packet from port 5060 to port 5060 on our external 2.2.2.2. This packet is port forwarded to our internal server 10.10.10.10 with the original source and destination port. The server then sends a UDP response to the client from port 5060 to port 5060. The server is in a PAT pool that only contains the address 2.2.2.2. The ASA changes the source port and our client ends up rejecting the packet because the source port is not what it expected.
  How can I preserve the original source port when the packet goes through the PAT pool?
  Thanks,
  Steven

  Hi,
  Well you could probably make this work for the outbound direction BUT in the inbound direction from the Internet I dont think the is really a way to use the same public IP address and public UDP port.
  I mean, the ASA doesnt have any way to determine what traffic on destination port UDP5060 to destination IP 2.2.2.2 would have to be forwarded to which internal IP.
  It would simply use the first rule matched always.
  But as I said for the outbound direction it might work.
  You would simply add another similiar NAT statement with different source object with different source IP address. ASA would again accept the command but give an warning about rule overlap.
  I guess the below added would work for the outbound direction IN THEORY
  object network HOST-1
  host 10.10.11.11
  object network HOST-2
  host 10.10.11.12
  nat (inside,outside) source static HOST-1 interface service UDP5060 UDP5060
  nat (inside,outside) source static HOST-2 interface service UDP5060 UDP5060
  But not for inbound, though if I understood correctly, the inbound traffic should only even go to a single virtual IP
  I would imagine this is as close as you can get to "implementing" something wierd on the ASA
  - Jouni

• RAC interconnect using UDP - default ports?

  Is there a default port used by each cluster member to listen for connections over UDP? We use IPTABLES firewalls on our hosts, and I need to ensure the cluster heartbeat traffic gets through the firewall properly.
  Thanks in advance.
  Jeff

  user2528460 wrote:
  I understood the UPD ports that are going to be used on the interconnect (clearly without a firewall). Is there a set of default ports?I did a quick count (using <i>lsof</i> to list UDP ports opened on the Interconnect interface) that showed over 185 UDP ports in use.. E.g.
  [root ~]# lsof -n -i | grep UDP | grep "10.0.1.1"
  oracle     5577  oracle   10u  IPv4   130938       UDP 10.0.1.1:22747
  oracle     5577  oracle   15u  IPv4   130941       UDP 10.0.1.1:64265
  oracle     5579  oracle   10u  IPv4   130948       UDP 10.0.1.1:39566
  oracle     5579  oracle   15u  IPv4   130951       UDP 10.0.1.1:55454
  oracle     5579  oracle   21u  IPv4   130970       UDP 10.0.1.1:27897
  oracle     5581  oracle   10u  IPv4   130973       UDP 10.0.1.1:14118
  oracle     5581  oracle   15u  IPv4   130976       UDP 10.0.1.1:13774
  oracle     5583  oracle   10u  IPv4   130983       UDP 10.0.1.1:33277
  oracle     5583  oracle   15u  IPv4   130986       UDP 10.0.1.1:6886
  ..snipped..I would not be concerned about what ports are in use. The important decisions are do you use bonding for the Interconnect, do you use jumbo or super-jumbo frames (MTU sizes), and so on. The actual ports being used has no real bearing as firewalling is not applicable.