Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
692
Views
0
Helpful
1
Replies

NAT a port range on Cisco 1921

Cameron Webster
Level 1
Level 1

ā€Ž10-03-2013 03:35 AM - edited ā€Ž03-11-2019 07:46 PM

Hi

I've read various posts regarding natting a range of ports and have not found a quick way of doing this for my situation.

I have a phone system with a processor card and processor expansion card on separate internal IP addresses.  In order to have a phone outside the network that is not connected via vpn I have to nat a different range of ports from each of the internal phone card IP's to the same public IP.

Is there any way to achieve this through route-maps?

For now, I have natted each port individually (thousands) resulting in a monster running-config.  The router is also not adhering to what I've entered - ie the config line is shown below together with the actual port that is natted:

ip nat inside source static udp 10.22.0.81 7024 222.201.202.203 7024 route-map rmap-nat extendable

1921#sh ip nat translations udp | inc 10.22.0.81

udp 222.201.202.203:7039 10.22.0.81:7024   111.101.102.103:5006 111.101.102.103:5006

What's going on?

Thanks

Cammy

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

ā€Ž10-12-2013 12:35 PM

Hello,

I see what you mean there is no way to make this happen automatically, you will need to enter each of the NAT statements one by one,

This has been discussed previously on this place.

I have seen this "workaround mentioned before"

access-list 101 permit  tcp host 192.168.2.1 any range 2000 2100 any

route-map NAT permit 10
match ip add 101

ip nat inside source static x.x.x.x y.y.y.y  route-map NAT

But I have never play with it so I cannot tell you that it will work.

It would be easier ofcourse to get a dedicated IP address but that involves money,

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card