Port forward/Nat configuration

johnny.schultz · ‎03-14-2011

We need to port forward group of outside IPs to an inside server and want to do this with as few commands as possible. I have it working with some static port forwarding command but want to know if I can consolidate these commands into fewer commands. Here is what I have:

ip nat inside source static tcp 10.0.3.37 21 200.0.0.33 21
ip nat inside source static tcp 10.0.3.37 80 200.0.0.33 80
ip nat inside source static tcp 10.0.3.37 443 200.0.0.33 443

ip nat inside source static tcp 10.0.3.37 21 200.0.0.34 21
ip nat inside source static tcp 10.0.3.37 80 200.0.0.34 80
ip nat inside source static tcp 10.0.3.37 443 200.0.0.34 443

ip nat inside source static tcp 10.0.3.37 21 200.0.0.65 21
ip nat inside source static tcp 10.0.3.37 80 200.0.0.65 80
ip nat inside source static tcp 10.0.3.37 443 200.0.0.65 443

ip nat inside source static tcp 10.0.3.37 21 200.0.0.66 21
ip nat inside source static tcp 10.0.3.37 80 200.0.0.66 80
ip nat inside source static tcp 10.0.3.37 443 200.0.0.66 443

So that should be enough to understand what we want to accomplish but if there are any further questions, please let me know. I took a look at TCP load distribution NAT, however we do not want to allow all ports to the inside host. If someone could provide their thoughts, I would appreciate it. Thank you.

-Johnny

Mani Ganesan · ‎03-14-2011

Hi Johnny,

The feature for forwarding a range of UDP ports is not supported on Cisco IOS.  
An enhancement request has been filed for this already.

You could try this workaround below; however it does not work all the time I try.

ip nat inside source static x.x.x.x y.y.y.y  route-map NAT reversible

access-list 101 permit udp any any range X Y

route-map NAT permit 10
match ip add 101

HTH,

Mani

scottposey1412 · ‎11-11-2014

I am having a similar problem. How can I forward any outside address to a specific inside address and port?