Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
0
Helpful
2
Replies

Port forward multiple ranges of udp ports under the same wan ip

aklgtl
Level 1
Level 1

‎05-14-2020 06:55 AM

Ok, it's the same question that many have asked but I thought why not also me, so bare with me.

I have been searching and reading for a couple of weeks now but nada.

I have a C1111X-8P unit as my office main gateway to the interwebs.

I have configured my PAT with overload and my local hosts can access internet using the same public wan ip.

Also in the office we have some local services that with our previous router (a Sophos utm) we just port forward some tcp/udp ranges and everything worked fine.

From reading this functionality in the Cisco world is the a static nat. To be exact something like that

 

ip nat inside source static udp 192168.1.64 7447 justapublicwanaddress 7447 extendable 

 

Ok this works, nice and dandy for a port but I need to forward a couple of hundreds of ports and not at the same local destination.

 

e.g.

tcp/udp 3230-3380 to a local video conference system

udp 8000-8099 to a local sip server

 

Reading the manuals, everything points out that this is not something that IOS can do.

I have read about the route map solution that a static rule supports but this doesn't allow me to map two internal hosts to the same public ip due to basically being an 1:1 static nat rule that you filter in the way out from the inside to the outside interface.

 

So is there anything else to try?

 

0 Helpful
2 Replies 2

Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee

‎05-14-2020 07:23 AM - edited ‎05-14-2020 07:30 AM

Hi @aklgtl,

What about a couple of code lines in Python? DevNet and programmability are showing their helpfulness in many use cases nowadays.

You'll have the NAT configuration lines generated in 10 seconds (or less hehe)

Python comes pre-installed in Mac OS X and many Linux distributions.

It can be quickly downloaded from the official site for Windows.

 

Here an example:

$ python
Python 2.7.16 (default, Jan 27 2020, 04:46:15) 
[GCC 4.2.1 Compatible Apple LLVM 10.0.1 (clang-1001.0.37.14)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> 

>>> for PORT in range(3230, 3380 + 1):
...     print("ip nat inside source static udp {INSIDE_LOCAL} {PORT} {PUBLIC_IP} extendable {PORT}".format(INSIDE_LOCAL="192.168.1.64", PORT=PORT, PUBLIC_IP="JUSTAPUBLICWANADDRESS"))
... 
ip nat inside source static udp 192.168.1.64 3230 JUSTAPUBLICWANADDRESS extendable 3230
ip nat inside source static udp 192.168.1.64 3231 JUSTAPUBLICWANADDRESS extendable 3231
ip nat inside source static udp 192.168.1.64 3232 JUSTAPUBLICWANADDRESS extendable 3232
ip nat inside source static udp 192.168.1.64 3233 JUSTAPUBLICWANADDRESS extendable 3233
ip nat inside source static udp 192.168.1.64 3234 JUSTAPUBLICWANADDRESS extendable 3234
ip nat inside source static udp 192.168.1.64 3235 JUSTAPUBLICWANADDRESS extendable 3235
ip nat inside source static udp 192.168.1.64 3236 JUSTAPUBLICWANADDRESS extendable 3236
ip nat inside source static udp 192.168.1.64 3237 JUSTAPUBLICWANADDRESS extendable 3237
ip nat inside source static udp 192.168.1.64 3238 JUSTAPUBLICWANADDRESS extendable 3238
ip nat inside source static udp 192.168.1.64 3239 JUSTAPUBLICWANADDRESS extendable 3239
ip nat inside source static udp 192.168.1.64 3240 JUSTAPUBLICWANADDRESS extendable 3240
ip nat inside source static udp 192.168.1.64 3241 JUSTAPUBLICWANADDRESS extendable 3241
ip nat inside source static udp 192.168.1.64 3242 JUSTAPUBLICWANADDRESS extendable 3242
ip nat inside source static udp 192.168.1.64 3243 JUSTAPUBLICWANADDRESS extendable 3243
ip nat inside source static udp 192.168.1.64 3244 JUSTAPUBLICWANADDRESS extendable 3244
ip nat inside source static udp 192.168.1.64 3245 JUSTAPUBLICWANADDRESS extendable 3245
ip nat inside source static udp 192.168.1.64 3246 JUSTAPUBLICWANADDRESS extendable 3246
ip nat inside source static udp 192.168.1.64 3247 JUSTAPUBLICWANADDRESS extendable 3247
ip nat inside source static udp 192.168.1.64 3248 JUSTAPUBLICWANADDRESS extendable 3248
ip nat inside source static udp 192.168.1.64 3249 JUSTAPUBLICWANADDRESS extendable 3249
ip nat inside source static udp 192.168.1.64 3250 JUSTAPUBLICWANADDRESS extendable 3250
ip nat inside source static udp 192.168.1.64 3251 JUSTAPUBLICWANADDRESS extendable 3251
ip nat inside source static udp 192.168.1.64 3252 JUSTAPUBLICWANADDRESS extendable 3252
ip nat inside source static udp 192.168.1.64 3253 JUSTAPUBLICWANADDRESS extendable 3253
ip nat inside source static udp 192.168.1.64 3254 JUSTAPUBLICWANADDRESS extendable 3254
ip nat inside source static udp 192.168.1.64 3255 JUSTAPUBLICWANADDRESS extendable 3255
ip nat inside source static udp 192.168.1.64 3256 JUSTAPUBLICWANADDRESS extendable 3256
ip nat inside source static udp 192.168.1.64 3257 JUSTAPUBLICWANADDRESS extendable 3257
ip nat inside source static udp 192.168.1.64 3258 JUSTAPUBLICWANADDRESS extendable 3258
ip nat inside source static udp 192.168.1.64 3259 JUSTAPUBLICWANADDRESS extendable 3259
ip nat inside source static udp 192.168.1.64 3260 JUSTAPUBLICWANADDRESS extendable 3260
ip nat inside source static udp 192.168.1.64 3261 JUSTAPUBLICWANADDRESS extendable 3261
ip nat inside source static udp 192.168.1.64 3262 JUSTAPUBLICWANADDRESS extendable 3262
ip nat inside source static udp 192.168.1.64 3263 JUSTAPUBLICWANADDRESS extendable 3263
ip nat inside source static udp 192.168.1.64 3264 JUSTAPUBLICWANADDRESS extendable 3264
ip nat inside source static udp 192.168.1.64 3265 JUSTAPUBLICWANADDRESS extendable 3265
ip nat inside source static udp 192.168.1.64 3266 JUSTAPUBLICWANADDRESS extendable 3266
ip nat inside source static udp 192.168.1.64 3267 JUSTAPUBLICWANADDRESS extendable 3267
ip nat inside source static udp 192.168.1.64 3268 JUSTAPUBLICWANADDRESS extendable 3268
ip nat inside source static udp 192.168.1.64 3269 JUSTAPUBLICWANADDRESS extendable 3269
ip nat inside source static udp 192.168.1.64 3270 JUSTAPUBLICWANADDRESS extendable 3270
ip nat inside source static udp 192.168.1.64 3271 JUSTAPUBLICWANADDRESS extendable 3271
ip nat inside source static udp 192.168.1.64 3272 JUSTAPUBLICWANADDRESS extendable 3272
ip nat inside source static udp 192.168.1.64 3273 JUSTAPUBLICWANADDRESS extendable 3273
ip nat inside source static udp 192.168.1.64 3274 JUSTAPUBLICWANADDRESS extendable 3274
ip nat inside source static udp 192.168.1.64 3275 JUSTAPUBLICWANADDRESS extendable 3275
ip nat inside source static udp 192.168.1.64 3276 JUSTAPUBLICWANADDRESS extendable 3276
ip nat inside source static udp 192.168.1.64 3277 JUSTAPUBLICWANADDRESS extendable 3277
ip nat inside source static udp 192.168.1.64 3278 JUSTAPUBLICWANADDRESS extendable 3278
ip nat inside source static udp 192.168.1.64 3279 JUSTAPUBLICWANADDRESS extendable 3279
ip nat inside source static udp 192.168.1.64 3280 JUSTAPUBLICWANADDRESS extendable 3280
ip nat inside source static udp 192.168.1.64 3281 JUSTAPUBLICWANADDRESS extendable 3281
ip nat inside source static udp 192.168.1.64 3282 JUSTAPUBLICWANADDRESS extendable 3282
ip nat inside source static udp 192.168.1.64 3283 JUSTAPUBLICWANADDRESS extendable 3283
ip nat inside source static udp 192.168.1.64 3284 JUSTAPUBLICWANADDRESS extendable 3284
ip nat inside source static udp 192.168.1.64 3285 JUSTAPUBLICWANADDRESS extendable 3285
ip nat inside source static udp 192.168.1.64 3286 JUSTAPUBLICWANADDRESS extendable 3286
ip nat inside source static udp 192.168.1.64 3287 JUSTAPUBLICWANADDRESS extendable 3287
ip nat inside source static udp 192.168.1.64 3288 JUSTAPUBLICWANADDRESS extendable 3288
ip nat inside source static udp 192.168.1.64 3289 JUSTAPUBLICWANADDRESS extendable 3289
ip nat inside source static udp 192.168.1.64 3290 JUSTAPUBLICWANADDRESS extendable 3290
ip nat inside source static udp 192.168.1.64 3291 JUSTAPUBLICWANADDRESS extendable 3291
ip nat inside source static udp 192.168.1.64 3292 JUSTAPUBLICWANADDRESS extendable 3292
ip nat inside source static udp 192.168.1.64 3293 JUSTAPUBLICWANADDRESS extendable 3293
ip nat inside source static udp 192.168.1.64 3294 JUSTAPUBLICWANADDRESS extendable 3294
ip nat inside source static udp 192.168.1.64 3295 JUSTAPUBLICWANADDRESS extendable 3295
ip nat inside source static udp 192.168.1.64 3296 JUSTAPUBLICWANADDRESS extendable 3296
ip nat inside source static udp 192.168.1.64 3297 JUSTAPUBLICWANADDRESS extendable 3297
ip nat inside source static udp 192.168.1.64 3298 JUSTAPUBLICWANADDRESS extendable 3298
ip nat inside source static udp 192.168.1.64 3299 JUSTAPUBLICWANADDRESS extendable 3299
ip nat inside source static udp 192.168.1.64 3300 JUSTAPUBLICWANADDRESS extendable 3300
ip nat inside source static udp 192.168.1.64 3301 JUSTAPUBLICWANADDRESS extendable 3301
ip nat inside source static udp 192.168.1.64 3302 JUSTAPUBLICWANADDRESS extendable 3302
ip nat inside source static udp 192.168.1.64 3303 JUSTAPUBLICWANADDRESS extendable 3303
ip nat inside source static udp 192.168.1.64 3304 JUSTAPUBLICWANADDRESS extendable 3304
ip nat inside source static udp 192.168.1.64 3305 JUSTAPUBLICWANADDRESS extendable 3305
ip nat inside source static udp 192.168.1.64 3306 JUSTAPUBLICWANADDRESS extendable 3306
ip nat inside source static udp 192.168.1.64 3307 JUSTAPUBLICWANADDRESS extendable 3307
ip nat inside source static udp 192.168.1.64 3308 JUSTAPUBLICWANADDRESS extendable 3308
ip nat inside source static udp 192.168.1.64 3309 JUSTAPUBLICWANADDRESS extendable 3309
ip nat inside source static udp 192.168.1.64 3310 JUSTAPUBLICWANADDRESS extendable 3310
ip nat inside source static udp 192.168.1.64 3311 JUSTAPUBLICWANADDRESS extendable 3311
ip nat inside source static udp 192.168.1.64 3312 JUSTAPUBLICWANADDRESS extendable 3312
ip nat inside source static udp 192.168.1.64 3313 JUSTAPUBLICWANADDRESS extendable 3313
ip nat inside source static udp 192.168.1.64 3314 JUSTAPUBLICWANADDRESS extendable 3314
ip nat inside source static udp 192.168.1.64 3315 JUSTAPUBLICWANADDRESS extendable 3315
ip nat inside source static udp 192.168.1.64 3316 JUSTAPUBLICWANADDRESS extendable 3316
ip nat inside source static udp 192.168.1.64 3317 JUSTAPUBLICWANADDRESS extendable 3317
ip nat inside source static udp 192.168.1.64 3318 JUSTAPUBLICWANADDRESS extendable 3318
ip nat inside source static udp 192.168.1.64 3319 JUSTAPUBLICWANADDRESS extendable 3319
ip nat inside source static udp 192.168.1.64 3320 JUSTAPUBLICWANADDRESS extendable 3320
ip nat inside source static udp 192.168.1.64 3321 JUSTAPUBLICWANADDRESS extendable 3321
ip nat inside source static udp 192.168.1.64 3322 JUSTAPUBLICWANADDRESS extendable 3322
ip nat inside source static udp 192.168.1.64 3323 JUSTAPUBLICWANADDRESS extendable 3323
ip nat inside source static udp 192.168.1.64 3324 JUSTAPUBLICWANADDRESS extendable 3324
ip nat inside source static udp 192.168.1.64 3325 JUSTAPUBLICWANADDRESS extendable 3325
ip nat inside source static udp 192.168.1.64 3326 JUSTAPUBLICWANADDRESS extendable 3326
ip nat inside source static udp 192.168.1.64 3327 JUSTAPUBLICWANADDRESS extendable 3327
ip nat inside source static udp 192.168.1.64 3328 JUSTAPUBLICWANADDRESS extendable 3328
ip nat inside source static udp 192.168.1.64 3329 JUSTAPUBLICWANADDRESS extendable 3329
ip nat inside source static udp 192.168.1.64 3330 JUSTAPUBLICWANADDRESS extendable 3330
ip nat inside source static udp 192.168.1.64 3331 JUSTAPUBLICWANADDRESS extendable 3331
ip nat inside source static udp 192.168.1.64 3332 JUSTAPUBLICWANADDRESS extendable 3332
ip nat inside source static udp 192.168.1.64 3333 JUSTAPUBLICWANADDRESS extendable 3333
ip nat inside source static udp 192.168.1.64 3334 JUSTAPUBLICWANADDRESS extendable 3334
ip nat inside source static udp 192.168.1.64 3335 JUSTAPUBLICWANADDRESS extendable 3335
ip nat inside source static udp 192.168.1.64 3336 JUSTAPUBLICWANADDRESS extendable 3336
ip nat inside source static udp 192.168.1.64 3337 JUSTAPUBLICWANADDRESS extendable 3337
ip nat inside source static udp 192.168.1.64 3338 JUSTAPUBLICWANADDRESS extendable 3338
ip nat inside source static udp 192.168.1.64 3339 JUSTAPUBLICWANADDRESS extendable 3339
ip nat inside source static udp 192.168.1.64 3340 JUSTAPUBLICWANADDRESS extendable 3340
ip nat inside source static udp 192.168.1.64 3341 JUSTAPUBLICWANADDRESS extendable 3341
ip nat inside source static udp 192.168.1.64 3342 JUSTAPUBLICWANADDRESS extendable 3342
ip nat inside source static udp 192.168.1.64 3343 JUSTAPUBLICWANADDRESS extendable 3343
ip nat inside source static udp 192.168.1.64 3344 JUSTAPUBLICWANADDRESS extendable 3344
ip nat inside source static udp 192.168.1.64 3345 JUSTAPUBLICWANADDRESS extendable 3345
ip nat inside source static udp 192.168.1.64 3346 JUSTAPUBLICWANADDRESS extendable 3346
ip nat inside source static udp 192.168.1.64 3347 JUSTAPUBLICWANADDRESS extendable 3347
ip nat inside source static udp 192.168.1.64 3348 JUSTAPUBLICWANADDRESS extendable 3348
ip nat inside source static udp 192.168.1.64 3349 JUSTAPUBLICWANADDRESS extendable 3349
ip nat inside source static udp 192.168.1.64 3350 JUSTAPUBLICWANADDRESS extendable 3350
ip nat inside source static udp 192.168.1.64 3351 JUSTAPUBLICWANADDRESS extendable 3351
ip nat inside source static udp 192.168.1.64 3352 JUSTAPUBLICWANADDRESS extendable 3352
ip nat inside source static udp 192.168.1.64 3353 JUSTAPUBLICWANADDRESS extendable 3353
ip nat inside source static udp 192.168.1.64 3354 JUSTAPUBLICWANADDRESS extendable 3354
ip nat inside source static udp 192.168.1.64 3355 JUSTAPUBLICWANADDRESS extendable 3355
ip nat inside source static udp 192.168.1.64 3356 JUSTAPUBLICWANADDRESS extendable 3356
ip nat inside source static udp 192.168.1.64 3357 JUSTAPUBLICWANADDRESS extendable 3357
ip nat inside source static udp 192.168.1.64 3358 JUSTAPUBLICWANADDRESS extendable 3358
ip nat inside source static udp 192.168.1.64 3359 JUSTAPUBLICWANADDRESS extendable 3359
ip nat inside source static udp 192.168.1.64 3360 JUSTAPUBLICWANADDRESS extendable 3360
ip nat inside source static udp 192.168.1.64 3361 JUSTAPUBLICWANADDRESS extendable 3361
ip nat inside source static udp 192.168.1.64 3362 JUSTAPUBLICWANADDRESS extendable 3362
ip nat inside source static udp 192.168.1.64 3363 JUSTAPUBLICWANADDRESS extendable 3363
ip nat inside source static udp 192.168.1.64 3364 JUSTAPUBLICWANADDRESS extendable 3364
ip nat inside source static udp 192.168.1.64 3365 JUSTAPUBLICWANADDRESS extendable 3365
ip nat inside source static udp 192.168.1.64 3366 JUSTAPUBLICWANADDRESS extendable 3366
ip nat inside source static udp 192.168.1.64 3367 JUSTAPUBLICWANADDRESS extendable 3367
ip nat inside source static udp 192.168.1.64 3368 JUSTAPUBLICWANADDRESS extendable 3368
ip nat inside source static udp 192.168.1.64 3369 JUSTAPUBLICWANADDRESS extendable 3369
ip nat inside source static udp 192.168.1.64 3370 JUSTAPUBLICWANADDRESS extendable 3370
ip nat inside source static udp 192.168.1.64 3371 JUSTAPUBLICWANADDRESS extendable 3371
ip nat inside source static udp 192.168.1.64 3372 JUSTAPUBLICWANADDRESS extendable 3372
ip nat inside source static udp 192.168.1.64 3373 JUSTAPUBLICWANADDRESS extendable 3373
ip nat inside source static udp 192.168.1.64 3374 JUSTAPUBLICWANADDRESS extendable 3374
ip nat inside source static udp 192.168.1.64 3375 JUSTAPUBLICWANADDRESS extendable 3375
ip nat inside source static udp 192.168.1.64 3376 JUSTAPUBLICWANADDRESS extendable 3376
ip nat inside source static udp 192.168.1.64 3377 JUSTAPUBLICWANADDRESS extendable 3377
ip nat inside source static udp 192.168.1.64 3378 JUSTAPUBLICWANADDRESS extendable 3378
ip nat inside source static udp 192.168.1.64 3379 JUSTAPUBLICWANADDRESS extendable 3379
ip nat inside source static udp 192.168.1.64 3380 JUSTAPUBLICWANADDRESS extendable 3380
>>>

HTHs

0 Helpful

aklgtl
Level 1
Level 1
In response to Hector Gustavo Serrano Gutierrez

‎05-14-2020 09:10 AM

Well writing a script to produce the rules for me I think is the easy way out of this.

It is a solution if everything else fails but if there is an alternative suggestion I prefer to try this before adding all these rules.

Nevertheless, thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card