
Configure static NAT for range of ports

Austin Rivet
Level 1

Hi,

I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in the NAT entries?

As an example, say my 3CX server has an internal IP of 192.168.1.25 and my external IP is 1.2.3.4. Would I have to create an entry for each port?

ip nat inside source static tcp 192.168.1.25 5060 1.2.3.4 5060
ip nat inside source static udp 192.168.1.25 5060 1.2.3.4 5060
ip nat inside source static udp 192.168.1.25 9000 1.2.3.4 9000
ip nat inside source static udp 192.168.1.25 9001 1.2.3.4 9001

and so on...

Is this the correct way to do it, or is there another better way?

Also, I only have one public IP to work with, and there are multiple other hosts on this network that need to have access to the Internet. Right now I have NAT set up with overload so that the other hosts can get to the Internet. Here's my config for that:

ip nat pool PATPOOL 1.2.3.4 1.2.3.4 netmask 255.255.255.252
ip nat inside source list NAT_ACL pool PATPOOL overload
!
ip access-list standard NAT_ACL
 remark PAT to outside
 permit 192.168.1.0 0.0.0.255
 exit

My question with this is: will the static NAT work if I already have NAT overload configured as above?

Thanks for the help in advance.

Austin

PS: here is the 3CX documentation on this subject: http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/

1 Reply

Austin Rivet
Level 1

I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to.

I have seen examples of people using route maps and ACLs to accomplish forwarding a range of ports. I have yet to see official documentation from Cisco on this, and in some cases those examples did not seem to work correctly.

ASAs with the latest code have the ability to forward a range of ports, but based on my research IOS lacks this feature.

In my case, forwarding 50 ports wasn't so bad. However, if you have hundreds or thousands of ports to forward you may want to try the route map/ACL approach.

Hopefully this information is useful to others.
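
The per-port approach described in the reply above, as an added example that is not part of the original thread: a Python script that generates one static NAT line per port in the form shown in the question, and audits a saved config for forwards that are missing or that expose more than intended. The function names are hypothetical; the addresses and port requirements are the ones given in the question.

```python
import ipaddress
import re

# Requirements stated in the question: TCP/UDP 5060 and UDP 9000-9049.
REQUIRED = [("tcp", 5060, 5060), ("udp", 5060, 5060), ("udp", 9000, 9049)]
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)\s*$"
)


def expand(required):
    """Expand (proto, first, last) tuples into a set of (proto, port)."""
    wanted = set()
    for proto, first, last in required:
        if proto not in ("tcp", "udp") or not 1 <= first <= last <= 65535:
            raise ValueError(f"bad requirement: {proto} {first}-{last}")
        wanted.update((proto, port) for port in range(first, last + 1))
    return wanted


def generate(inside, outside, required=REQUIRED):
    """Return one static NAT line per port, same port inside and outside."""
    ipaddress.ip_address(inside)   # raises ValueError on a malformed address
    ipaddress.ip_address(outside)
    return [
        f"ip nat inside source static {proto} {inside} {port} {outside} {port}"
        for proto, port in sorted(expand(required))
    ]


def audit(config_text, inside, outside, required=REQUIRED):
    """Return (missing ports, static lines outside the intended set)."""
    wanted, found, unexpected = expand(required), set(), []
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a static port mapping (e.g. the PAT overload line)
        proto, local, lport, glob, gport = m.groups()
        entry = (proto, int(gport))
        if (local, glob, lport) == (inside, outside, gport) and entry in wanted:
            found.add(entry)
        else:
            unexpected.append(line.strip())
    return sorted(wanted - found), unexpected


if __name__ == "__main__":
    print("\n".join(generate("192.168.1.25", "1.2.3.4")))
```

Running `audit()` against a saved copy of the running config after changes shows whether the set of exposed ports still matches the list the PBX actually needs.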