Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1055
Views
0
Helpful
7
Replies

udp nat range port

Krasnoperov
Level 1
Level 1

‎10-28-2011 04:38 AM - edited ‎03-04-2019 02:05 PM

Hello Cisco Employe&Experts

I have a question which lot of your customer bother (IMHO), when dnat function will work for UDP connection, my goal is do destination NAT for range of UDP port, it works for TCP, and work grate, why&when this will work for UDP?

ip nat pool P2P <inside IP> <inside IP> netmask 255.255.255.0 type rotary

-           ip nat inside destination list 111 pool P2P

-           access-list 111 permit tcp any any range 2000 2100

I found this

CSCsk86712 and status is closed

Labels:
0 Helpful
7 Replies 7

cadet alain
VIP Alumni
VIP Alumni

‎10-28-2011 06:09 AM

Hi,

you want a range of udp ports to be published on the internet?

Then you can use the ACL with the range keyword as above but for udp

access-list 111 permit udp host 192.168.1.1 any range 2000 2100

call it inside a route-map like this:

route-map UDP_PORTS

match ip address 111

Then ip nat inside static route-map UDP_PORTS interface

Alain.

Don't forget to rate helpful posts.
0 Helpful

Krasnoperov
Level 1
Level 1
In response to cadet alain

‎10-31-2011 04:58 AM

at least

ip nat inside static route-map UDP_PORTS poll IP

ip nat pool IP 1.1.1.1 1.1.1.1 netmask 255.255.255.252

this construction does'n work

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Krasnoperov

‎10-31-2011 05:03 AM

Did you try the one I proposed?

Alain.

Don't forget to rate helpful posts.
0 Helpful

Krasnoperov
Level 1
Level 1
In response to cadet alain

‎10-31-2011 05:23 AM

Yes,

but in my case global address on which clients comes from internet on udp ports (range udp 51000 54000) is secondary on interface

interface g0/1.300

ip address 1.1.1.2 255.255.255.0

ip address 1.1.1.1 255.255.255.0 secondary

ip nat inside static route-map UDP_PORTS interface g0/1.300

no translations in NAT table when someone come from internet to udp 1.1.1.1:52111

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Krasnoperov

‎10-31-2011 05:31 AM

Hi,

so replace the interface keyword with the secondary address and tell me if it works.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Krasnoperov
Level 1
Level 1
In response to cadet alain

‎10-31-2011 05:39 AM

XXX(config)#ip nat inside so route-map UDP_PORTS ?

  interface  Specify interface for global address

  pool       Name pool of global addresses

In my IOS it does't allow type IP(A.B.C.D) after route-map NAME, only pool NAME, and this I try, see my post #2 with pool

0 Helpful

Krasnoperov
Level 1
Level 1
In response to cadet alain

‎11-01-2011 04:48 AM

any ideas?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card