@Jaderson Pessoa 

Elegant solution!

Hi

I tried this on a cisco 1941 and got not joy, one work around i did get to work not entirely correctly was the below:

ip nat inside source static [Local IP Address] [Wan IP Address] route-map PORTFWD

route-map PORTFWD permit 100
match ip address 100

access-list 100 permit udp any any range 10000 20000

The problem with this configuration is that all udp ports are being forwarded to [Local IP Address] instead of the specified range, any thoughts ?

Here is my config now.

Still doesn't appear to be working. I did manually put it in for port 9000 and it works.

interface GigabitEthernet0/0
description WAN side
ip address 1.1.1.161 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex full
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 192.168.20.251 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source static tcp 192.168.20.1 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 192.168.20.1 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 192.168.20.1 5061 interface GigabitEthernet0/0 5061
ip nat inside source static tcp 192.168.20.1 5061 interface GigabitEthernet0/0 5061
ip nat inside source static tcp 192.168.20.1 5090 interface GigabitEthernet0/0 5090
ip nat inside source static udp 192.168.20.1 5090 interface GigabitEthernet0/0 5090
ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.20.1 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.20.1 5001 interface GigabitEthernet0/0 5001
ip nat inside source static udp 192.168.20.1 9000 interface GigabitEthernet0/0 9000

!
permit ip host 1.1.1.5 any
permit udp any 1.1.1.161 0.0.0.7 range 9000 10999
permit udp any host 1.1.1.161 eq 5060 5061 5090
permit tcp any host 1.1.1.161 eq 443 2195 2196 5001 5060 5061 5090
deny tcp any 1.1.1.160 0.0.0.7 eq ftp 22 telnet smtp www
permit ip any any
ip access-list extended NAT
permit ip any any
ip access-list extended restricted_vty
remark *** Allows Internal Host to Manage Device ***
permit ip host 1.1.1.5 any
deny ip any any
!
!
!
access-list 20 permit publicIP 0 0.0.0.7
access-list 20 deny any
access-list 103 permit udp host 192.168.20.1 range 9000 10999 any

Hello,

as far as I recall, the route map with overloading an interface rather than a static IP address won't work. It would work if your external interface had a static IP address, and you could use something like the below. Since you probably don't, you are unfortunately stuck with individual entries...

access-list 101 permit udp host 192.168.20.1 range 9000 9100 any
!
route-map UDP permit 10
match ip address 101
ip nat inside source static 192.168.60.10 x.x.x.x route-map UDP extendable

Hello,

If your interface has a static IP address, you can use the configuration sample provided, replace the x.x.x.x with the static public IP address...

Hello,

does it work with:

ip access-list extended UDP_ACL
permit udp host 192.168.20.2 any range 9000 10999
!
ip nat inside source list UDP_ACL interface GigabitEthernet1/0 overload

?