Is it possible to configure NAT on Cisco router for the following scenario?
I have 2 or more SIP servers behind NAT and I need to enable UDP por forwarding to each of those servers for RTP traffic (say port range UDP:10000-20000). I have a one public IP address and already have a PAT in place on the extarnal interface to enable Internet access for the servers and some static NAT for HTTPS and SIP access to those servers from outside. Now I need to forward UDP traffic to those servers from outside.
Would that be possible? Please share any working configs.
Do you have free IPs for WAN Pool? if yes the use below commands to do static NAT with servers -
Note- Cisco Config -
# conf t
# ip nat inside source static 10.1.1.1(Lan Server IP) 192.168.1.1 (Free WAN IP)
But question is what Cisco device you using for doing NAT, is it Cisco Router or Firewall? so that config can be suggested..
your requirement is doing Satatic NAT on Router with WAN IP, suppose you have SIP server IP in LAN is 10.1.1.1 and suppose you have free WAN ip for internet is 192.168.1.1, so you just have to NAT the LAN IP with free WAN IP per below command e.g. - if you want exact command then can you help with your Free IP for WAN pool and SIP Server IP? also command from your router "show ip int brief"
# conf t
# ip nat inside source static 10.1.1.1 192.168.1.1
and also dont forget to use below commands under router interfaces -
under wan interface - e.g.
# int gi0/0
# ip nat outside
under LAN interface - e.g.
# int gi0/1
# ip nat inside
OK, to be more specific, these are my servers:
ip nat inside source static udp 10.2.100.37 5060 interface 188.8.131.52 5060
ip nat inside source static udp 10.2.100.38 5060 interface 184.108.40.206 5061
ip nat inside source static udp 10.2.100.39 5060 interface 220.127.116.11 5062
ip nat inside source static tcp 10.2.100.37 443 interface 18.104.22.168 443
ip nat inside source static tcp 10.2.100.38 443 interface 22.214.171.124 8443
ip nat inside source static tcp 10.2.100.39 443 interface 126.96.36.199 9443
access-list 101 permit udp any any range 10000 20000
route-map SIP_MEDIA permit 10
match ip address 101
ip nat inside source static 10.2.100.37 188.8.131.52 route-map SIP_MEDIA extendable
ip nat inside source route-map PAT_ROUTING interface FastEthernet0/0 overload
PAT_ROUTING is just a routing map that includes allowed internal IPs through NAT.
This config works. The problem with that I can assign this NAT statement only to one internal server, can´t repeat it to all other servers.
Any other suggestions?
The static NAT/PAT will possible for single-to-signle IP but it wont work for same WAN IP (Port) to different LAN IP for same Port, yes, if your SIP server can use different port for other SIP servers then you may try binding on differet port on same WAN IP.