Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

NAT a port range on Cisco 1921

Hi

I've read various posts regarding natting a range of ports and have not found a quick way of doing this for my situation.

I have a phone system with a processor card and processor expansion card on separate internal IP addresses.  In order to have a phone outside the network that is not connected via vpn I have to nat a different range of ports from each of the internal phone card IP's to the same public IP.

Is there any way to achieve this through route-maps?

For now, I have natted each port individually (thousands) resulting in a monster running-config.  The router is also not adhering to what I've entered - ie the config line is shown below together with the actual port that is natted:

ip nat inside source static udp 10.22.0.81 7024 222.201.202.203 7024 route-map rmap-nat extendable

1921#sh ip nat translations udp | inc 10.22.0.81

udp 222.201.202.203:7039 10.22.0.81:7024   111.101.102.103:5006 111.101.102.103:5006

What's going on?

Thanks

Cammy

1 REPLY

NAT a port range on Cisco 1921

Hello,

I see what you mean there is no way to make this happen automatically, you will need to enter each of the NAT statements one by one,

This has been discussed previously on this place.

I have seen this "workaround mentioned before"

access-list 101 permit  tcp host 192.168.2.1 any range 2000 2100 any

route-map NAT permit 10
match ip add 101

ip nat inside source static x.x.x.x y.y.y.y  route-map NAT

But I have never play with it so I cannot tell you that it will work.

It would be easier ofcourse to get a dedicated IP address but that involves money,

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
351
Views
0
Helpful
1
Replies
CreatePlease to create content