Configure Cisco IOS Firewall Context-Based Access Control
System-defined port-to-application mapping

Port-to-Application Mapping (PAM) enables administrators to customize TCP or UDP port numbers for network services or applications. PAM uses this information to support network environments that run services using ports that are different from the registered or well-known ports associated with an application.

Using the port information, PAM establishes a table of default port-to-application mapping information at the firewall. The information in the PAM table enables CBAC-supported services to run on nonstandard ports. PAM also supports host- or subnet-specific port mapping, which enables administrators to apply PAM to a single host or subnet using standard ACLs.
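The configuration below is an added example, not taken from the original page, showing a global user-defined mapping next to host- and subnet-specific mappings that are scoped with standard ACLs. The port numbers, ACL numbers, addresses (documentation ranges) and the inspection rule name FWRULE are assumed values.

```cisco
! Constructed example: ports, ACL numbers, addresses and the rule
! name FWRULE are assumed values, not taken from the original page.
!
! Global user-defined entry: TCP 8000 is treated as HTTP for all
! hosts, in addition to the system-defined HTTP port 80.
ip port-map http port 8000
!
! Host-specific entry: TCP 8080 is treated as HTTP only for the
! single host matched by standard ACL 10.
access-list 10 permit 192.0.2.10
ip port-map http port 8080 list 10
!
! Subnet-specific entry: TCP 2121 is treated as FTP only for the
! subnet matched by standard ACL 20.
access-list 20 permit 198.51.100.0 0.0.0.255
ip port-map ftp port 2121 list 20
!
! CBAC inspection rule: HTTP and FTP inspection consults the PAM
! table, so it also recognizes the nonstandard ports mapped above.
ip inspect name FWRULE http
ip inspect name FWRULE ftp
```

After applying the mappings, `show ip port-map` lists the system-defined and user-defined entries so the scope of each mapping can be checked.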

System-defined Port Mapping
PAM creates a table, or database, of system-defined mapping entries using the well-known or registered port mapping information set up during the system startup. The system-defined entries comprise all the services supported by CBAC, which requires the system-defined mapping information to function properly.

The system-defined mapping information cannot be deleted or changed. Therefore, it is impossible to map HTTP services to port 21, the system-defined port for FTP, or FTP services to port 80, the system-defined port for HTTP.

The default system-defined services and applications found in the PAM table are shown in Figure .