Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
4
Replies

Forwarding a RANGE of UDP ports , never solved issue ??

federico_tv
Level 1
Level 1

‎05-24-2013 12:27 AM - edited ‎03-04-2019 07:59 PM

Hi

I've look a lot for a solution to forward a range of UDP ports from internet to a single host on the LAN for VoIP traffic

The SINGLE port working method is :

ip nat inside source static UDP <LAN ADDRESS> <PORT> interface <INTERNET_INTERFACE> <PORT>

The RANGE of ports seems to be a unresolve issue

A solution like:

access-list 110 permit UDP host <LAN ADDRESS> any range <PORT-RANGE>

route-map UDP_PORTS

match ip address 110

ip nat inside static route-map UDP_PORTS <INTERNET_INTERFACE>

fails to work  (no nat translation shown, no UDP ports forwarded)

many others solutions seems not working too

Since I can't add thousand of single static entry , is there anyone knowing a working solution for the issue ???

Thank you very much

Labels:
0 Helpful
4 Replies 4

Jan Rolny
Level 3
Level 3

‎05-24-2013 02:09 AM

Hi Federico,

what version of ASA you use?

I have 8.4(2) and i can make nat

nat (inside,outside) source dynamic network_object interface service any smtp

so thi do that all network specified in object is nated if it attempts to connect to outside SMTP server for me.

It would be simillar in revers situation for you.

Regards,

Jan

0 Helpful

federico_tv
Level 1
Level 1
In response to Jan Rolny

‎05-24-2013 02:21 AM

Sorry, I'm using a 877 router as well other 18xx ones...

0 Helpful

blau grana
Level 7
Level 7
In response to federico_tv

‎05-24-2013 06:15 AM

Hello Federico,

I think there is no solution for this, probably just some workarounds which each technician made up during dealing with this problem.

If you have posibility to configure static 1:1 NAT and with ACL allow only desired ports, I think it is best way to solve this issue.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions
0 Helpful

federico_tv
Level 1
Level 1
In response to blau grana

‎05-27-2013 06:39 AM

HI

Thank you for your sad answer......

I mean that it is embarassing that such a device like a recent cisco device is unable (or at least their buiders don't provide the capability) to redirect a range of UDP ports coming to the internet interface to an inside LAN machine, while a single NAT rule does it !!!

I think a simple cisco router actually can do things 100 times more complicated, that's all...

Also, from what I heard and read, it can be done with TCP ports....

If anyone has further informations about, he's well accepted !

Thank you

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card