Nat forwarding on Cisco router for UDP ports

jkay18041
Level 3

We are setting up a new phone system and need to port forward ports 9000 to 10999 to the IP 192.168.20.1.

 

I've done this

ip nat inside source static udp 192.168.20.1 9000 interface gigabitethernet 0/0 9000

 

Do I have to do that for each port or can I do a range of ports somehow?

 

Thanks

 


Jaderson Pessoa
VIP Alumni

Hello

 

access-list udp permit udp any 192.168.20.1 range 9000 10999

ip nat inside source list udp  interface gigabitethernet 0/0 overload

 

Here is an example: https://community.cisco.com/t5/routing/static-nat-to-a-range-tcp-ports/td-p/680516

Jaderson Pessoa
*** Rate All Helpful Responses ***

@Jaderson Pessoa 

Elegant solution!


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you :)
Jaderson Pessoa
*** Rate All Helpful Responses ***

Hi

I tried this on a Cisco 1941 and got no joy. One workaround I did get to work, not entirely correctly, was the below:

 

ip nat inside source static [Local IP Address] [Wan IP Address] route-map PORTFWD

route-map PORTFWD permit 100
match ip address 100

access-list 100 permit udp any any range 10000 20000

 

The problem with this configuration is that all UDP ports are being forwarded to [Local IP Address] instead of the specified range. Any thoughts?

balaji.bandi
Hall of Fame

You can do it a simple way, like below:

 

access-list 10 permit udp host 192.168.20.1 range 9000 9001 any

ip nat inside source list 10 interface gigabitethernet 0/0  overload

BB

***** Rate All Helpful Responses *****


Here is my config now.

 

Still doesn't appear to be working. I did manually put it in for port 9000 and it works.

 

interface GigabitEthernet0/0
description WAN side
ip address 1.1.1.161 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex full
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 192.168.20.251 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source static tcp 192.168.20.1 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 192.168.20.1 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 192.168.20.1 5061 interface GigabitEthernet0/0 5061
ip nat inside source static tcp 192.168.20.1 5061 interface GigabitEthernet0/0 5061
ip nat inside source static tcp 192.168.20.1 5090 interface GigabitEthernet0/0 5090
ip nat inside source static udp 192.168.20.1 5090 interface GigabitEthernet0/0 5090
ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.20.1 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.20.1 5001 interface GigabitEthernet0/0 5001
ip nat inside source static udp 192.168.20.1 9000 interface GigabitEthernet0/0 9000

!
permit ip host 1.1.1.5 any
permit udp any 1.1.1.161 0.0.0.7 range 9000 10999
permit udp any host 1.1.1.161 eq 5060 5061 5090
permit tcp any host 1.1.1.161 eq 443 2195 2196 5001 5060 5061 5090
deny tcp any 1.1.1.160 0.0.0.7 eq ftp 22 telnet smtp www
permit ip any any
ip access-list extended NAT
permit ip any any
ip access-list extended restricted_vty
remark *** Allows Internal Host to Manage Device ***
permit ip host 1.1.1.5 any
deny ip any any
!
!
!
access-list 20 permit publicIP 0 0.0.0.7
access-list 20 deny any
access-list 103 permit udp host 192.168.20.1 range 9000 10999 any
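
An added example, not part of the thread: a Python check that reads per-port static NAT lines like those in the config above, reports which ports of the wanted UDP range have no static forward, and builds the missing lines. The sample config is constructed from the thread's entries, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the static entries posted in the thread.
SAMPLE_CONFIG = """\
ip nat inside source static udp 192.168.20.1 5060 interface GigabitEthernet0/0 5060
ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip nat inside source static udp 192.168.20.1 9000 interface GigabitEthernet0/0 9000
ip nat inside source static tcp 192.168.20.1 443 interface GigabitEthernet0/0 443
"""

# Matches only per-port static entries; "list ... overload" lines are skipped
# because they hold no fixed inbound mapping.
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)\s*$",
    re.IGNORECASE,
)

def static_forwards(config):
    """Return {(proto, outside_port): (inside_ip, inside_port, interface)}."""
    found = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, ip, in_port, intf, out_port = m.groups()
            found[(proto.lower(), int(out_port))] = (ip, int(in_port), intf)
    return found

def missing_ports(config, proto, inside_ip, first, last):
    """Ports in [first, last] with no static forward to inside_ip."""
    have = static_forwards(config)
    return [p for p in range(first, last + 1)
            if have.get((proto, p), (None,))[0] != inside_ip]

def render_missing(config, proto, inside_ip, intf, first, last):
    """Build the per-port static lines that are still absent."""
    return [f"ip nat inside source static {proto} {inside_ip} {p} interface {intf} {p}"
            for p in missing_ports(config, proto, inside_ip, first, last)]

if __name__ == "__main__":
    lines = render_missing(SAMPLE_CONFIG, "udp", "192.168.20.1",
                           "GigabitEthernet0/0", 9000, 10999)
    print(f"{len(lines)} entries missing; first: {lines[0]}")
```

Comparing the result with the inbound ACL on the WAN interface shows where the ACL permits a port that has no translation behind it.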

Hello,

 

As far as I recall, the route map with overloading an interface rather than a static IP address won't work. It would work if your external interface had a static IP address, and you could use something like the below. Since you probably don't, you are unfortunately stuck with individual entries...

 

access-list 101 permit udp host 192.168.20.1 range 9000 9100 any
!
route-map UDP permit 10
match ip address 101
ip nat inside source static 192.168.60.10 x.x.x.x route-map UDP extendable

So my external interface Gigabit0/0 is a static public IP address. 

 

Does that change anything?

Hello,

 

If your interface has a static IP address, you can use the configuration sample provided; replace the x.x.x.x with the static public IP address...

Hello,

 

Does it work with:

 

ip access-list extended UDP_ACL
permit udp host 192.168.20.2 any range 9000 10999
!
ip nat inside source list UDP_ACL interface GigabitEthernet1/0 overload

 

?
