Cisco Support Community

How to configure NAT to translate web traffic to another port

Core Issue

Network Address Translation (NAT) can be used to redirect traffic using a particular port to a different port. This is helpful in cases when the users belonging to the inside network use a particular port number to access a particular application, such as a web server available on the inside or outside network. The same application is accessed by users from the outside network using a different port number.

Resolution

To redirect web traffic to a different port, issue the ip nat inside source static tcp local-ip local-port global-ip global-port [extendable] command or the ip nat outside source static tcp global-ip global-port local-ip local-port [extendable] command in global configuration mode, depending on whether the web server is available on the inside or outside network. This command creates a permanent extended translation entry in the NAT table, which includes the protocol and port information.

To define the NAT inside and outside interfaces, issue the ip nat inside command and the ip nat outside command under the interfaces.

For example, a web server with address 192.168.1.1, available on the inside network, is configured to listen on Transmission Control Protocol (TCP) port 8080. The users belonging to the inside network access this server using the configured port number. The same web server is accessed from the outside network using the same IP address, but on the standard TCP port 80. This output shows how the relevant configuration on the NAT router appears:

interface Ethernet0
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
!--- Designated as the NAT inside interface.
!
interface Serial0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
!--- Designated as the NAT outside interface.
!
ip nat inside source static tcp 192.168.1.1 8080 192.168.1.1 80 extendable
!--- The above line configures a static NAT mapping for the web server 192.168.1.1, which is available on the inside network.

This command translates the TCP source port number 8080 to 80 for traffic from the web server 192.168.1.1 going from the inside to the outside network. In turn, this configuration translates the destination port number from TCP 80 to 8080 for traffic to 192.168.1.1 going from the outside to the inside network.
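The two translations described above, as an added example (not Cisco's code and not part of the original document): a small Python model that parses the static entry from the configuration and applies it in both directions. The function names and the outside client address 10.1.1.50 are assumptions made for the illustration, and the model covers only static entries, not the rest of NAT processing.

```python
import re
from typing import List, NamedTuple, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

class StaticPat(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    global_ip: str
    global_port: int

# ip nat inside source static tcp local-ip local-port global-ip global-port [extendable]
RULE = re.compile(r"^\s*ip nat inside source static (tcp|udp) "
                  r"(\S+) (\d+) (\S+) (\d+)(?: extendable)?\s*$")

def parse_static_pat(config: str) -> List[StaticPat]:
    """Collect every static port translation entry found in the config text."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line)
        if m:
            rules.append(StaticPat(m[1], m[2], int(m[3]), m[4], int(m[5])))
    return rules

def translate(rules, direction: str, proto: str, src: Endpoint, dst: Endpoint):
    """Simplified model: inside-to-outside rewrites the source,
    outside-to-inside rewrites the destination."""
    for r in rules:
        if r.proto != proto:
            continue
        if direction == "in2out" and src == (r.local_ip, r.local_port):
            return (r.global_ip, r.global_port), dst
        if direction == "out2in" and dst == (r.global_ip, r.global_port):
            return src, (r.local_ip, r.local_port)
    return src, dst  # no static entry matches: unchanged in this model

# The NAT statement from the configuration above.
CONFIG = "ip nat inside source static tcp 192.168.1.1 8080 192.168.1.1 80 extendable\n"
RULES = parse_static_pat(CONFIG)
CLIENT = ("10.1.1.50", 40000)  # constructed outside client, not from the page

if __name__ == "__main__":
    # Request from outside to port 80 is delivered to the server on 8080.
    print(translate(RULES, "out2in", "tcp", CLIENT, ("192.168.1.1", 80)))
    # Reply from the server's port 8080 leaves with source port 80.
    print(translate(RULES, "in2out", "tcp", ("192.168.1.1", 8080), CLIENT))
    # Other ports match no static entry, so this model leaves them untouched.
    print(translate(RULES, "out2in", "tcp", CLIENT, ("192.168.1.1", 22)))
```

Running the same parser over a full running configuration gives an inventory of every inside service that a static entry publishes to the outside interface.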

Version history
Revision #: 1 of 1
Last update: 06-22-2009 06:15 PM