Cisco Support Community
New Member

PORT FORWARDING RANGE

Dear Techs,

I am trying to forward a port range of 10,000 to 20,000 for a customer PBX. Normally I would use 1:1 NAT, but he is requesting specific traffic ports.

example:

public int: 192.168.1.3

internal IP: 10.0.1.49

My running config for NAT:

ip nat inside source list 101 interface FastEthernet0/0 overload

access-list 101 permit ip 10.0.1.0 0.0.0.255 any

4 REPLIES
Silver

PORT FORWARDING RANGE

Try using a pool with the rotary command like this:

ip nat pool portforward 10.0.1.49 10.0.1.49 netmask 255.255.255.0 type rotary

ip nat inside source list 110 interface FastEthernet0/0.6 overload

ip nat inside destination list 100 pool portforward

!

access-list 100 permit udp any any range 10000 20000

access-list 110 permit ip 10.0.1.0 0.0.0.255 any

You have the normal overload, and the range in a pool to connect to the PBX.

hope it helps

---

Posted by WebUser Pedro Seabra Ávila from Cisco Support Community App

New Member

PORT FORWARDING RANGE

Thanks very much for the prompt response. I have tried the commands; I am still blocked on the NAT TRANS.

When switching back to 1:1 NAT I am in again fine.

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat pool portforward 10.0.1.49 10.0.1.49 netmask 255.255.255.0 type rotary

ip nat inside destination list 100 pool portforward

!

!

!

access-list 100 permit udp any any range 10000 20000

access-list 110 permit ip 10.0.1.0 0.0.0.255 any

hope you can assist

thanks

Silver

PORT FORWARDING RANGE

There is another solution, using route-maps as well:

ip access-list extended UDP_RTP

permit udp host <SIP HOST> any range 16384 37248

!

route-map SIP_NAT permit 10

match ip address UDP_RTP

!

ip nat inside source static 10.1.1.1 20.20.20.20 route-map SIP_NAT

http://www.voip-blog.co.uk/index.php/2009/11/21/nat-sip-range-on-uc500-cme

---

Posted by WebUser Pedro Seabra Ávila from Cisco Support Community App

PORT FORWARDING RANGE

There is no clean solution for what you are trying to achieve except for using a one-to-one static NAT mapping, which you've already mentioned works.

There is no "range" command in NAT, so you would not be able to use static NAT port translation, as you'd have to configure 10,000 NAT statements.

So either use 1:1 NAT mapping, or you can consider Pedro's suggestion of using a route-map and matching ACL to only allow NAT to happen when these 10,000 ports are being accessed.

For a similar query, check this thread:

https://supportforums.cisco.com/thread/2141607

Hope it helps

Neeraj
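
An added example, not part of any post in this thread and not Cisco tooling: a small Python check that cross-references the ACL numbers and pool names used by the `ip nat` lines pasted in the follow-up post, and lists the port ranges a destination-NAT rule opens to any source. `audit_nat` and its result keys are hypothetical names, and the sample input is a constructed copy of the lines from that post.

```python
import re

# Constructed sample: the NAT-related lines as pasted in the thread's follow-up post.
PASTED = """\
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat pool portforward 10.0.1.49 10.0.1.49 netmask 255.255.255.0 type rotary
ip nat inside destination list 100 pool portforward
!
access-list 100 permit udp any any range 10000 20000
access-list 110 permit ip 10.0.1.0 0.0.0.255 any
"""

NAT_RE = re.compile(r"ip nat inside (source|destination) list (\S+)(?:.* pool (\S+))?")
# Only the 'any any range lo hi' entry shape seen in the thread is parsed.
RANGE_RE = re.compile(r"permit (tcp|udp) any any range (\d+) (\d+)")


def audit_nat(config):
    """Cross-check the ACLs and pools that 'ip nat' lines reference (hypothetical helper)."""
    acls, pools = {}, set()
    used_acls, used_pools, dest_acls = set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m.group(1))
        elif m := NAT_RE.match(line):
            used_acls.add(m.group(2))
            if m.group(3):
                used_pools.add(m.group(3))
            if m.group(1) == "destination":
                dest_acls.append(m.group(2))
    # Port ranges that a destination-NAT rule opens to any source address.
    forwarded = []
    for acl in dest_acls:
        for entry in acls.get(acl, []):
            if m := RANGE_RE.match(entry):
                lo, hi = int(m.group(2)), int(m.group(3))
                forwarded.append((acl, m.group(1), lo, hi, hi - lo + 1))
    return {
        "undefined_acls": sorted(used_acls - set(acls)),
        "unused_acls": sorted(set(acls) - used_acls),
        "undefined_pools": sorted(used_pools - pools),
        "forwarded_from_any": forwarded,
    }


if __name__ == "__main__":
    for key, value in audit_nat(PASTED).items():
        print(f"{key}: {value}")
```

Run against only the pasted lines, it reports list 101 as referenced but not defined there, access-list 110 as defined but unused, and 10,001 UDP ports forwarded from any source to the pool.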
