Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7759
Views
15
Helpful
9
Replies

How to configure multiple range port forwarding?

shinya hiura
Level 1
Level 1

‎09-04-2013 06:34 PM - edited ‎03-04-2019 08:57 PM

Hello everyone!

I am facing critical issue for multiple range and destination of port forwarding.

I would like to configure NAPT as below.

LAN destination addresses                         WAN address

192.168.0.102  port range 16000 16511        10.0.0.1    port range 16000 16511

192.168.0.103  port range 16512 17023        10.0.0.1    port range 16512 17023

192.168.0.104  port range 17024 17535        10.0.0.1    port range 17024 17535

192.168.0.105  port range 17534 18047        10.0.0.1    port range 17534 18047

I have tried as following config, but it doesn't work.

ip nat pool POOL1 192.168.0.102 192.168.0.102 netmask 255.255.255.0 type rotary

ip nat pool POOL2 192.168.0.103 192.168.0.103 netmask 255.255.255.0 type rotary

ip nat pool POOL3 192.168.0.104 192.168.0.104 netmask 255.255.255.0 type rotary

ip nat pool POOL4 192.168.0.105 192.168.0.105 netmask 255.255.255.0 type rotary

ip nat inside destination list 101 pool POOL1

ip nat inside destination list 102 pool POOL2

ip nat inside destination list 103 pool POOL3

ip nat inside destination list 104 pool POOL4

access-list 101 permit udp any any range 16000 16511

access-list 102 permit udp any any range 16512 17023

access-list 103 permit udp any any range 17024 17535

access-list 104 permit udp any any range 17536 18047

I also tried route-map configuration, but result is same.

Do someone have same issue?

I will wait for kindly advice.

Regards,

Shinya

このメッセージは次により編集されています: shinya hiura

Hello everyone,

I am still trying configuration about this, but it doesn't solve so far.

Do someone have correct solution?

1 person had this problem
Labels:
9 Replies 9

jowen3400
Level 1
Level 1

‎09-05-2013 06:16 AM

I am having the same issue.  But you said your wan address is a 10.? are you trying to route a 10. address? is this this set up as a VPN. 

0 Helpful

shinya hiura
Level 1
Level 1
In response to jowen3400

‎09-05-2013 05:21 PM

I am trying this test in my lab.

10.0.0.1 is temporally address, I am not using actual public address.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni

‎09-05-2013 07:34 AM

Hi,

the rotary pools only work with TCP traffic.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

shinya hiura
Level 1
Level 1
In response to cadet alain

‎09-05-2013 05:27 PM

Hi Alain,

Do you know how to set the udp port range up?

Regards,

Shinya

0 Helpful

shinya hiura
Level 1
Level 1
In response to Peter Koltl

‎09-08-2013 05:18 PM

Hi Peter,

I already tryed following config, but the router didn't accept second source IP and same destination IP like this.

ip nat inside source static 192.168.0.102 10.0.0.1 route-map NAT

Router could not accept this line -->ip nat inside source static 192.168.0.103 10.0.0.1 route-map NAT

access-list 101 permit  udp host any range 16000 16511 any

access-list 102 permit  udp host any range 16512 17023 any

route-map NAT1 permit 10
match ip add 101

ip nat inside source static 192.168.0.102 10.0.0.1 route-map NAT

route-map NAT2 permit 10
match ip add 102

ip nat inside source static 192.168.0.103 10.0.0.1 route-map NAT

I already saw below site but not solved my issue.

http://evilrouters.net/2010/05/25/port-forwarding-a-range-of-ports-on-cisco-ios/

Thanks

Hiura

0 Helpful

Peter Koltl
Level 7
Level 7
In response to shinya hiura

‎09-09-2013 02:56 AM

My test is successful:

ip nat pool PORTFWD2 192.168.0.102 192.168.0.102 netmask 255.255.255.0 type rotary

ip nat pool PORTFWD3 192.168.0.103 192.168.0.103 netmask 255.255.255.0 type rotary

access-list 102 permit udp any any range 16000 16511

access-list 102 permit tcp any any range 16000 16511

access-list 103 permit udp any any range 16512 17023

access-list 103 permit tcp any any range 16512 17023

ip nat inside destination list 102 pool PORTFWD2

ip nat inside destination list 103 pool PORTFWD3

int f0/0

ip address 10.0.0.1 255.255.255.0

no shut

ip nat outside

int F0/1

ip address 192.168.0.1 255.255.255.0

no shut

ip nat inside

R1#sh ip nat translations

Pro Inside global     Inside local       Outside local     Outside global

tcp 10.0.0.1:16100     192.168.0.102:16100 10.0.0.2:12654   10.0.0.2:12654

tcp 10.0.0.1:16800     192.168.0.103:16800 10.0.0.2:53244   10.0.0.2:53244

      

0 Helpful

shinya hiura
Level 1
Level 1
In response to Peter Koltl

‎09-09-2013 09:18 PM

Hi Peter,

Thank you for your advice.

I already tested that.

It only works for TCP, UDP is not able to forward by such configuration.

Show IP nat translation shows tcp without udp.

I am realy in trouble.

Thanks

Hiura

Peter Koltl
Level 7
Level 7
In response to shinya hiura

‎09-11-2013 06:46 AM

Well, you are right.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card