10-28-2018 04:50 PM - edited 02-21-2020 08:24 AM
Hi I have to create connectivity for an external phone system say port 50000-51000 UDP from outside to a single host inside.
I would like to map the whole UDP port range range from outside (hitting the external interface) to inside (pabx host 192.168.10.10) keeping udp dest ports consistent eg dest port 50000 coming in to external ios fw interface to PAT to 192.168.10.10 dest port udp 50000
Without having to do each individual PAT statement or get a separate public IP address, is this possible?
10-28-2018 07:01 PM - edited 10-28-2018 07:23 PM
Hi
Yes on asa this is possible.
Let's assume your outside name is outside and acl attached to it called outside_access_in
Here a config sample (sorry if there are some typos, I'm writing this down from my smartphone):
object service PABX-UDP
service udp destination range 50000 51000
!
object network PABX
host 192.168.0.10
!
access-list outside_access_in extended permit object PABX-UDP any object-group PABX
nat (inside,outside) source static PABX 1.1.1.1 service PABX-UDP PABX-UDP
==> Replace 1.1.1.1 by your public ip or your object containing the public ip.
Afterwards, everything should work. Be sure to put the nat at the right place to not have something overlapping.
Do a test and let me know.
[EDIT]
I saw in the title you were talking about udp range on ios.
You can use route-map or an easier one like below:
ip nat pool PABX-UDP 192.168.0.50 192.168.0.10 netmask 255.255.255.0 type rotary
!
access-list 111 permit udp any any range 50000 51000
!
ip nat inside destination list 111 pool PABX-UDP
You need to adapt with your actual config of any other Nat exists.
Here an example with route-map:
https://community.cisco.com/t5/routing/forward-range-ports-for-few-hosts-in-isr4331/td-p/3316899
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide