Inspecting Applications on Different Port Numbers
Problem
You want to use Application Layer inspection rules for an application running on a nonstandard port.
Solution
To enable Port-to-Application Mapping (PAM), use the ip port-map command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip port-map http port tcp 8000
Router1(config)#end
Router1#
Discussion
When configuring CBAC-supported applications, it is sometimes useful to be able to map nonstandard ports to the applications themselves. For example, CBAC supports the inspection of HTTP packets; however, by default the router assumes that all HTTP servers use TCP port 80. In the next example, we've configured CBAC to inspect HTTP sessions:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip inspect name HTTPACCESS http
Router1(config)#end
Router1#
What happens if someone decides to run their HTTP server on a nonstandard port such as 8000? The answer is that CBAC will not recognize the session as an HTTP session and will not inspect it; the traffic is simply not matched by the http inspection rule. By using Port-to-Application Mapping (PAM) you can map port 8000 to the HTTP application, and CBAC will then inspect sessions to that port as HTTP.
In the Solution section, we mapped port 8000 to the HTTP application using PAM. If we show the PAM configuration afterwards, we'll see that port 8000 is now mapped accordingly:
Router1#show ip port-map http
Default mapping: http tcp port 80 system defined ...
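The following is an added example, not code from the Cisco IOS Cookbook. It models the lookup CBAC performs: a destination port is first resolved to an application through PAM (user-defined ip port-map entries layered over the system-defined table), and inspection only happens if that application appears in the relevant ip inspect rule. The two configuration snippets are constructed to mirror the recipe; the system-defined table is deliberately limited to the http/tcp/80 entry the recipe cites (a real router has many more system-defined mappings), and the function names are this example's own.

```python
"""Model of CBAC's port-to-application resolution via PAM.

Added example (not from the Cisco IOS Cookbook). It parses the
`ip port-map` and `ip inspect name` lines of a constructed IOS
configuration and answers whether a TCP/UDP port will be inspected
by a given inspection rule set.
"""
import re

# System-defined PAM entries. Assumption: only the entry the recipe
# mentions is modelled here; a real router ships many more.
SYSTEM_PORT_MAP = {("tcp", 80): "http"}

# Global (non-host-specific) user-defined mapping, as used in the recipe.
PORT_MAP_RE = re.compile(r"^ip port-map (\S+) port (tcp|udp) (\d+)$")
# `ip inspect name <set> <protocol> [options...]`; options are ignored.
INSPECT_RE = re.compile(r"^ip inspect name (\S+) (\S+)")

# Constructed configurations mirroring the recipe.
CONFIG_WITHOUT_PAM = """\
ip inspect name HTTPACCESS http
"""
CONFIG_WITH_PAM = """\
ip port-map http port tcp 8000
ip inspect name HTTPACCESS http
"""


def parse_config(config_text):
    """Return (user_port_map, inspect_rules) from IOS config lines.

    user_port_map: {(proto, port): application}
    inspect_rules: {inspect_set_name: {application, ...}}
    """
    user_map = {}
    inspect_rules = {}
    for line in config_text.splitlines():
        line = line.strip()
        m = PORT_MAP_RE.match(line)
        if m:
            app, proto, port = m.group(1), m.group(2), int(m.group(3))
            user_map[(proto, port)] = app
            continue
        m = INSPECT_RE.match(line)
        if m:
            inspect_rules.setdefault(m.group(1), set()).add(m.group(2))
    return user_map, inspect_rules


def resolve_application(proto, port, user_map):
    """PAM lookup: a user-defined entry wins over the system table.

    Returns the application name, or None when the port is unmapped
    (which is exactly the case CBAC cannot inspect).
    """
    key = (proto, port)
    if key in user_map:
        return user_map[key]
    return SYSTEM_PORT_MAP.get(key)


def will_inspect(inspect_set, proto, port, config_text):
    """True if sessions to proto/port are inspected by inspect_set."""
    user_map, rules = parse_config(config_text)
    app = resolve_application(proto, port, user_map)
    return app is not None and app in rules.get(inspect_set, set())


if __name__ == "__main__":
    for label, cfg in (("without PAM", CONFIG_WITHOUT_PAM),
                       ("with PAM", CONFIG_WITH_PAM)):
        for port in (80, 8000):
            print(f"{label}: tcp/{port} inspected by HTTPACCESS ->",
                  will_inspect("HTTPACCESS", "tcp", port, cfg))
```

Running the block shows tcp/80 inspected in both cases and tcp/8000 inspected only once the ip port-map line is present, which is the behaviour the discussion describes. The same lookup is a convenient audit check: feed it a saved running-config and the ports your HTTP servers actually listen on, and any port that resolves to None is one CBAC will silently pass without inspection.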