Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Outbound ACL

Hi,

I have a requirement of converting outbound port number in  a cisco router.

I have  set of PCs which connects to the internet IP on port 5060 to be converted to port 6070 on cisco router. Means, the inbound connetion in the LAN interface will be on UDP 5060 and outbound should be on port 6070.

When the reply comes back, it needs to be converted again back to 5060 at the Cisco router.

How can i do it..? Is the access-list is enough? Or do i have to use Route Policy? Please advice with step by step commands.

For your information, there is already a PAT for normal internet connectivity in the cisco router.

Cheers

Nimalraj

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Outbound ACL

Sorry, still not clear on your requirement.

If you are initiating traffic from client device behind the router towards the Internet server, the client will be sending the traffic towards UDP/5060, and you would like the router to translate the destination port to UDP/6070?

What is the Internet server ip address?

If the above statement is correct, then you need to configure the following:

ip nat outside source static udp 6070 5060

6 REPLIES
Cisco Employee

Re: Outbound ACL

You would need to configure static NAT port redirection for those.

Do you have a spare public ip address, or you are going to NAT it to the WAN interface ip address outbound?

Here is example for your reference:

If you have spare public ip address:

ip nat inside source static udp 5060 6070 extendable

If you don't have spare, and will be using the WAN interface to NAT:

ip nat inside source static udp 5060 interface 6070 extendable

Hope that helps.

Re: Outbound ACL

Hi,

I have a requirement of converting outbound port number in  a cisco router.

I have  set of PCs which connects to the internet IP on port 5060 to be converted to port 6070 on cisco router. Means, the inbound connetion in the LAN interface will be on UDP 5060 and outbound should be on port 6070.

When the reply comes back, it needs to be converted again back to 5060 at the Cisco router.

How can i do it..? Is the access-list is enough? Or do i have to use Route Policy? Please advice with step by step commands.

For your information, there is already a PAT for normal internet connectivity in the cisco router.

Cheers

Nimalraj

Hi Nirmalraj,

You can achive using port forwarding mechnism using NAT in router to do the same,check out the below link for sample configuration in routers.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Community Member

Re: Outbound ACL

Hi,

I couldnt make it work using these commands. If i could explain further, the internet server accept the connections on UDP 6070 only. It has a static IP address.

The client devices which are behind the cisco router can communicate on UDP 5060 only. So i need to do a  port change at the Cisco router. So that any traffic to the Internet Server from client will have a destination port odf 5060. But when it arrives at Cisco router, this has to be change to 6070 and send to the Internet Server. When the reply packets comes back, the reverse should be done at the Cisco router.

Hope this clears my requirement.

Cheers

Nimalraj

Cisco Employee

Re: Outbound ACL

Sorry, still not clear on your requirement.

If you are initiating traffic from client device behind the router towards the Internet server, the client will be sending the traffic towards UDP/5060, and you would like the router to translate the destination port to UDP/6070?

What is the Internet server ip address?

If the above statement is correct, then you need to configure the following:

ip nat outside source static udp 6070 5060

Community Member

Re: Outbound ACL

Hello,

This has fixed the problem for me. Earlier i was trying to the address translation using both the public and private IP addresses. When i use just the public IP address for To and From field with both the port numbers, the problem has been resolved.

Thanks alot both for your time.

Cheers

nimalraj

Cisco Employee

Re: Outbound ACL

Great to hear it's working now. Thanks for the rating.

728
Views
0
Helpful
6
Replies
CreatePlease to create content