03-26-2010 08:14 AM - edited 03-03-2019 05:54 AM
Hi everyone,
I'm running a Cisco 3620 with two interfaces, an FE and an ADSL WIC, and I'm noticing some unexpected behaviour when NATing some UDP ports. Here are the config rules in question:
ip nat inside source static udp 192.168.100.26 14000 interface Dialer1 14000
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14001
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14002
When I receive traffic through those ports, I see the following in
show ip nat translations | include 14000
udp 64.7.136.227:1038 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1039 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1040 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1041 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1042 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1043 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1044 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:14000 192.168.100.26:14000 --- ---
How can I make this NAT static so that every host originates from port 14000 rather than a dynamic one that is being assigned now?
Any help is greatly appreciated.
Aleks
03-26-2010 12:33 PM
I don't think you can make it so that any source port is changed to a single one for static translations.
If you want your host to originate source port 14000, configure it to do that.
03-27-2010 11:22 PM
Perhaps I wasn't clear enough in what I needed it to do. Here's a show ip nat translations for another (working) NAT(d) port on the same router:
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:54375 xxx.xxx.xxx.xxx:54375
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:50183 xxx.xxx.xxx.xxx:50183
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:50891 xxx.xxx.xxx.xxx:50891
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:60443 xxx.xxx.xxx.xxx:60443
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:2897 xxx.xxx.xxx.xxx:2897
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:51890 xxx.xxx.xxx.xxx:51890
Notice how the forwarded port is the same on the router interface (64.7.136.227:6667) across all of the connections that have connected. Now this NAT rule behaves as it should, same syntax used as for the one I originally posted:
ip nat inside source static tcp 192.168.100.199 6667 interface Dialer1 6667
The only difference is that this one gets properly assigned to the requested port, whereas these rules
ip nat inside source static udp 192.168.100.26 14000 interface Dialer1 14000
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14001
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14002
have a dynamically assigned port on (64.7.136.227) interface, as the show ip nat translations shows:
udp 64.7.136.227:1038 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1039 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1040 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
Basically how do I get the three rules to behave the same way as the one on top does...
Thank you,
Aleks
04-07-2010 07:13 PM
Your example shows the app accessing your network from the outside isn't even hitting your ports correctly. Try fixing that first. And I don't know if you meant to do it, but you've got the same outside port trying to be two separate inside ports. What exactly are you trying to accomplish?
10-16-2013 06:06 AM
Hi
I'm seeing the same behaviour on static NAT entries for UDP ports. Did you get to the bottom of this problem? (I take it the same local port being natted to two different external ports in your NAT config is a mistake?)
Thanks
Cammy
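An added example, not written by any poster in this thread: a small Python check over the configuration lines and `show ip nat translations` rows quoted above. It flags an inside local address and port that appears in more than one static rule, and translation entries whose inside global port differs from the port the static rule names. The function names and regexes are this example's own assumptions.

```python
import re
from collections import defaultdict
# Sample input: lines quoted in the thread above.
CONFIG = """\
ip nat inside source static udp 192.168.100.26 14000 interface Dialer1 14000
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14001
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14002
ip nat inside source static tcp 192.168.100.199 6667 interface Dialer1 6667
"""
TRANSLATIONS = """\
udp 64.7.136.227:1038 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1039 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:14000 192.168.100.26:14000 --- ---
tcp 64.7.136.227:6667 192.168.100.199:6667 xxx.xxx.xxx.xxx:54375 xxx.xxx.xxx.xxx:54375
"""

RULE_RE = re.compile(r"^ip nat inside source static (tcp|udp)\s+(\S+)\s+(\d+)\s+interface\s+(\S+)\s+(\d+)$")
ROW_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)$")

def parse_rules(config):
    """Map (proto, local_ip, local_port) -> list of configured global ports."""
    rules = defaultdict(list)
    for line in config.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            proto, ip, lport, _iface, gport = m.groups()
            rules[(proto, ip, int(lport))].append(int(gport))
    return dict(rules)

def duplicate_locals(rules):
    """Inside local sockets that appear in more than one static rule."""
    return {k: v for k, v in rules.items() if len(v) > 1}

def mismatched_rows(rules, table):
    """Rows whose inside global port is not the one the static rule names."""
    bad = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header or unparsed row
        proto, _gip, gport, lip, lport, _olocal, _oglobal = m.groups()
        expected = rules.get((proto, lip, int(lport)))
        if expected and int(gport) not in expected:
            bad.append((proto, f"{lip}:{lport}", int(gport), expected))
    return bad

if __name__ == "__main__":
    print("duplicates:", duplicate_locals(parse_rules(CONFIG)))
    print("mismatches:", mismatched_rows(parse_rules(CONFIG), TRANSLATIONS))
```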