Preserve Source Port through NAT

jnewton31
Level 1

Hi All,

We are having problems with some of our NAT translations. We need the router to preserve the source port of the outbound connection, but instead it is generating a random source port for each translation (highlighted in bold):

udp  217.x.x.x:17127  192.168.55.71:8061    84.x.x.x:8060     84.x.x.x:8060

I believe the port-randomisation feature was brought in with IOS 12.4, but I don't think I can disable this feature on the IOS I am using. Is there any way I can create a static translation which preserves the source port? Any help would be greatly appreciated.

Platform: Cisco ASR1002

IOS: 15.4(3)S2

 

 

2 Replies

Hello.

Do you need to preserve the port just for some ports/host or for all of them?

If for some specific ports, then I believe you need source static port translation for this, like the following:

 ip nat inside source static tcp 192.168.55.71 8061 217.x.x.x 8061 [no-payload]

 

If you want to preserve for all, then what should the router do if 2 hosts are using the same source port? In this case dynamic NAT could help.

These are for phones on the internal network, they will be contacting a remote server, and each phone has been configured to use a unique source port for the outbound connection. This allows the server to identify each individual phone when the connection comes in (it also means that no two phones should be using the same source port, so PAT should have no need to alter these).

The translation you mentioned would appear to create a static inbound translation, forcing all inbound connections on 8061 to the same port on an internal host; I'm trying to achieve the opposite, forcing the outbound connection's source port to not be altered.
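
An added example, not part of the thread and not Cisco tooling: a Python check over translation-table text in the column order of the line quoted in the first post. It lists entries whose source port was rewritten and source ports shared by more than one inside host behind the same global address (the conflict raised in the first reply). The sample table, its addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the column order of the translation line quoted in the
# thread: Pro, Inside global, Inside local, Outside local, Outside global.
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
Pro  Inside global        Inside local         Outside local        Outside global
udp  203.0.113.10:17127   192.168.55.71:8061   198.51.100.5:8060    198.51.100.5:8060
udp  203.0.113.10:8062    192.168.55.72:8062   198.51.100.5:8060    198.51.100.5:8060
udp  203.0.113.10:1024    192.168.55.73:8062   198.51.100.5:8060    198.51.100.5:8060
---  203.0.113.20         192.168.55.80        ---                  ---
"""

def split_endpoint(field):
    """Return (address, port) for 'a.b.c.d:port', or None if there is no port."""
    addr, sep, port = field.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return addr, int(port)

def parse_translations(text):
    """Yield (proto, inside_global, inside_local) for port-level entries only."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] not in ("tcp", "udp"):
            continue  # header, blank line, or address-only static entry
        glob, local = split_endpoint(cols[1]), split_endpoint(cols[2])
        if glob and local:
            yield cols[0], glob, local

def rewritten_ports(text):
    """Entries whose source port differs between inside local and inside global."""
    return [(p, l, g) for p, g, l in parse_translations(text) if g[1] != l[1]]

def shared_source_ports(text):
    """Source ports used by several inside hosts behind one global address;
    toward the same destination, at most one of them can keep its port."""
    hosts = defaultdict(set)
    for proto, glob, local in parse_translations(text):
        hosts[(proto, glob[0], local[1])].add(local[0])
    return {k: sorted(v) for k, v in hosts.items() if len(v) > 1}

if __name__ == "__main__":
    for proto, local, glob in rewritten_ports(SAMPLE):
        print(f"{proto} {local[0]}:{local[1]} left as port {glob[1]}")
    for key, addrs in shared_source_ports(SAMPLE).items():
        print(f"{key[0]} source port {key[2]} shared by {', '.join(addrs)}")
```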