
NAT on a Cisco IOS router

Kevin Melton


I am working at a client site today.  The client has indicated that they need to have a server translated so that connections coming in from the public can access the server.  I told the client I would be able to use NAT for this on their 2911 G2 router.

The requirement is that connection attempts be allowed to come into a public address, which I will call for the purpose of this example. 

The inside (real address) for the server is 

Here is the statement that I have placed on the router:

ip nat inside source static

and also have placed "ip nat inside" on the Ethernet that faces inside to the network.  I have placed "ip nat outside" on the Ethernet that faces the Internet.

I also placed an ACL statement to allow the ports required which reads:

180 permit tcp any any eq 60000 64999

181 permit udp any any eq 60000 64999

My concern is whether I have written the NAT statement correctly or not.

Here is what I see when I perform a "sho ip nat trans"

tbhroomsgw#sho ip nat trans

Pro Inside global      Inside local       Outside local      Outside global

---      ---                ---









---      ---                ---

---      ---                ---

Any help would be greatly appreciated.

2 Replies

Hi Kevin,

you need to make some changes here.  We'll assume your internal interface is fa0/0 and your external is fa0/1 for the sake of this reply.

ip access-list extended aclPortForwardRange
 permit tcp any any range 60000 64999
 permit udp any any range 60000 64999
ip access-list standard aclNat
ip nat pool poolServer netmask type rotary
interface fa0/0 
 ip address ! or whatever it is on this subnet.
 ip nat inside
interface fa0/1
 ip nat outside
ip nat inside source list aclNat interface fa0/1 overload
ip nat inside destination list aclPortForwardRange pool poolServer

You will also need to poke any holes in your inbound ACL on your external interface if there is one.  Use a similar syntax to the aclPortForwardRange example above in this ACL if need be.

Let us know how this goes.

As it turns out, the configuration I had submitted on the post worked just fine.

Thanks for your response.
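
Added example, not part of any post in this thread: a small Python audit of the four ACL entries quoted above, showing how many ports each one actually opens. It relies on IOS treating several ports after `eq` as a list of individual ports while `range` covers the whole span; the names `parse_entry`, `audit` and `SAMPLE_ACL` are made up for this illustration.

```python
import re

# Constructed sample: the two ACL entries from the question (eq) followed by
# the two from the reply (range), copied from the thread.
SAMPLE_ACL = """\
180 permit tcp any any eq 60000 64999
181 permit udp any any eq 60000 64999
permit tcp any any range 60000 64999
permit udp any any range 60000 64999
"""

ADDR = r"(?:any|host\s+\S+|\d\S*\s+\d\S*)"  # any | host A.B.C.D | addr wildcard
ENTRY = re.compile(
    r"^\s*(?:\d+\s+)?(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\s+"
    rf"(?P<src>{ADDR})\s+(?P<dst>{ADDR})\s+"
    r"(?P<op>eq|range)\s+(?P<ports>\d+(?:\s+\d+)*)\s*$"
)

def parse_entry(line):
    """Parse one extended-ACL entry that ends in a destination port match."""
    m = ENTRY.match(line)
    if not m:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    nums = [int(p) for p in m["ports"].split()]
    if m["op"] == "range":
        if len(nums) != 2 or nums[0] > nums[1]:
            raise ValueError(f"range needs a low and a high port: {line!r}")
        ports = range(nums[0], nums[1] + 1)  # every port in the span
    else:
        ports = nums                         # eq: only the ports listed
    return {"action": m["action"], "proto": m["proto"], "dst": m["dst"],
            "op": m["op"], "ports": ports}

def audit(acl_text):
    """Return (entry, number_of_ports_matched, notes) for each ACL line."""
    report = []
    for line in filter(str.strip, acl_text.splitlines()):
        e = parse_entry(line)
        notes = []
        if e["op"] == "eq" and len(e["ports"]) > 1:
            notes.append("eq matches only the listed ports, not the span between them")
        if e["action"] == "permit" and e["dst"] == "any":
            notes.append("destination is any, not limited to the translated server")
        report.append((line.strip(), len(e["ports"]), notes))
    return report

if __name__ == "__main__":
    for entry, count, notes in audit(SAMPLE_ACL):
        print(f"{entry}\n  ports matched: {count}")
        for note in notes:
            print(f"  note: {note}")
```

Run against an ACL before applying it to see whether an entry opens two ports or five thousand, and whether the permit is scoped to the translated host.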

