
Port range forwarding and VPN

Derdo
Level 1

Hello Techs,

For our customer PBX I have to forward ports from 9,000 to 10,999. I tried to do it with the route-map command and an ACL, but in this case all site-to-site VPN connections are disconnected.


Public IP address: 96.76.166.76
PBX IP address: 172.16.164.1


Here is an excerpt from the configuration:
 
interface GigabitEthernet8
ip address 96.76.166.76 255.255.255.252
ip nat outside
!
interface GigabitEthernet6
switchport access vlan 75
no ip address
!
interface Vlan75
ip address 172.16.164.254 255.255.255.0
ip nat inside
!
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet8 overload
ip nat inside source static udp 172.16.164.1 5060 96.76.166.76 5060 extendable
!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.174.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.176.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.176.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.168.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.168.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.169.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.169.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.170.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.170.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.171.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.171.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.172.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.172.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.173.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.173.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.175.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.175.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.177.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.177.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.178.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.178.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.179.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.179.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.180.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.180.0 0.0.0.255
access-list 104 deny   ip 172.16.166.0 0.0.0.255 172.16.181.0 0.0.0.255
access-list 104 deny   ip 10.7.0.0 0.0.0.255 172.16.181.0 0.0.0.255
access-list 104 permit ip 172.16.165.0 0.0.0.255 any
access-list 104 permit ip 172.16.10.0 0.0.0.255 any
access-list 104 permit ip 172.16.166.0 0.0.0.255 any
access-list 104 permit ip 172.16.164.0 0.0.0.255 any


Here is the attempt to implement it:

ip nat inside source static 172.16.164.1 96.76.166.76 route-map SDM_RMAP_2
!
route-map SDM_RMAP_2 permit 10
match ip address 106
!
access-list 106 permit udp 172.16.164.1 any range 9000 10999


Many thanks in advance for your contributions.

2 Replies

balaji.bandi
Hall of Fame

Can you post the full configuration to review?

BB


Thanks for your feedback.

You can find the whole configuration in the attached file.
