PORT FORWARDING RANGE

Unanswered Question
Apr 9th, 2012

Dear Techs,


I am trying to forward a port range of 10,000 to 20,000 for a customer PBX. Normally I would use 1:1 NAT, but he is requesting specific traffic ports.



Example:

public int: 192.168.1.3
internal IP: 10.0.1.49

My running config for NAT:

ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 101 permit ip 10.0.1.0 0.0.0.255 any

fb_webuser Mon, 04/09/2012 - 16:38

Try using a pool with the rotary command like this:

ip nat pool portforward 10.0.1.49 10.0.1.49 netmask 255.255.255.0 type rotary
ip nat inside source list 110 interface FastEthernet0/0.6 overload
ip nat inside destination list 100 pool portforward
!
access-list 100 permit udp any any range 10000 20000
access-list 110 permit ip 10.0.1.0 0.0.0.255 any

You have the normal overload, and the range in a pool to connect to the PBX.

Hope it helps



---

Posted by WebUser Pedro Seabra Ávila from Cisco Support Community App

rotem.shein Mon, 04/09/2012 - 17:53

Thanks very much for the prompt response. I have tried the commands; I am still blocked on the NAT TRANS.

When switching back to 1:1 NAT I am in again fine.

ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat pool portforward 10.0.1.49 10.0.1.49 netmask 255.255.255.0 type rotary
ip nat inside destination list 100 pool portforward
!
!
!
access-list 100 permit udp any any range 10000 20000
access-list 110 permit ip 10.0.1.0 0.0.0.255 any

Hope you can assist.

Thanks

fb_webuser Mon, 04/09/2012 - 16:41

There is another solution, using route-maps as well:

ip access-list extended UDP_RTP
 permit udp host <SIP HOST> any range 16384 37248
!
route-map SIP_NAT permit 10
 match ip address UDP_RTP
!
ip nat inside source static 10.1.1.1 20.20.20.20 route-map SIP_NAT


http://www.voip-blog.co.uk/index.php/2009/11/21/nat-sip-range-on-uc500-cme


---

Posted by WebUser Pedro Seabra Ávila from Cisco Support Community App

Neeraj Arora Tue, 04/10/2012 - 07:38

There is no clean solution for what you are trying to achieve except for using a one-to-one static NAT mapping, which you've already mentioned works.

There is no "range" command in NAT, so you would not be able to use static NAT port translation, as you'd have to configure 10,000 NAT statements.

So either use 1:1 NAT mapping, or you can consider Pedro's suggestion of using a route-map and matching ACL to only allow NAT to happen when these 10,000 ports are being accessed.


For a similar query, check this thread:

https://supportforums.cisco.com/thread/2141607


Hope it helps


Neeraj
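An added example, not part of any post in this thread: a small Python check that cross-references the `ip nat` statements in a pasted snippet against the ACLs and pools defined in that same snippet, and counts how many ports a destination-NAT ACL forwards and from which source. The function name `audit_nat` and its parsing rules are assumptions for illustration; the sample input is the configuration from the follow-up reply above, and the check sees only the lines as pasted, not the rest of the router's running config.

```python
import re

# Constructed input: the configuration lines pasted in the follow-up reply.
SAMPLE = """\
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat pool portforward 10.0.1.49 10.0.1.49 netmask 255.255.255.0 type rotary
ip nat inside destination list 100 pool portforward
access-list 100 permit udp any any range 10000 20000
access-list 110 permit ip 10.0.1.0 0.0.0.255 any
"""

def audit_nat(config):
    """Cross-check NAT statements against ACLs and pools in the same snippet."""
    acl_defs, pools, pool_refs = set(), set(), set()
    acl_refs, ranges = {}, {}      # ACL id -> NAT direction / port-range details
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\d+) (permit|deny) (\S+) (\S+)(.*)", line):
            acl, action, proto, source, rest = m.groups()
            acl_defs.add(acl)
            # Note permit entries that carry a port range, and their source field.
            if action == "permit" and (r := re.search(r"\brange (\d+) (\d+)", rest)):
                ranges[acl] = {"proto": proto, "source": source,
                               "ports": int(r.group(2)) - int(r.group(1)) + 1}
        elif m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside (source|destination) list (\S+)(.*)", line):
            acl_refs[m.group(2)] = m.group(1)
            if p := re.search(r" pool (\S+)", m.group(3)):
                pool_refs.add(p.group(1))
    return {
        # Referenced by a NAT statement but not defined in this snippet.
        "undefined_acls": sorted(set(acl_refs) - acl_defs),
        # Defined in this snippet but not referenced by any NAT statement.
        "unused_acls": sorted(acl_defs - set(acl_refs)),
        "undefined_pools": sorted(pool_refs - pools),
        # Port ranges that feed a destination (inbound) NAT rule.
        "forwarded": {a: d for a, d in ranges.items()
                      if acl_refs.get(a) == "destination"},
    }

if __name__ == "__main__":
    for key, value in audit_nat(SAMPLE).items():
        print(f"{key}: {value}")
```

On the pasted snippet it reports ACL 101 as referenced but not defined there, ACL 110 as defined but unused, and ACL 100 as forwarding 10,001 UDP ports from source `any`, which is worth narrowing to the known SIP/RTP peers where they are fixed.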
