Help: Forward static Port Range to specific IP.

Manuel Nin · ‎01-24-2014

Hi. I need help, i tried searching the web for possibles answers but at the moment, I can't solve the case.

I have a PBX running at: 192.168.10.99

I want to Forward all the incoming traffic from interface Dialer0 in the the UDP range: 10000 to 20000.

In my Cisco SOHO 97, i have this part of config

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

no ip http secure-server

!

ip nat inside source list 102 interface Dialer0 overload

ip nat inside source static tcp 192.168.10.1 23 interface Dialer0 23

ip nat inside source static tcp 192.168.10.99 5060 interface Dialer0 5060

!

access-list 102 permit ip any any

dialer-list 1 protocol ip permit

Julio Carvajal · ‎01-24-2014

Hello Manuel,

There have been several posts about how to perform a Port Range NAT for a specific IP address. I have tried several times in the past with no success.

Only way has been line by line for port-forwarding.

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Manuel Nin · ‎01-24-2014

How can I do that?

Julio Carvajal · ‎01-24-2014

Hello Manuel,

Would be going each port to each port with a command such as

ip nat inside source static tcp 192.168.10.99 5060 interface Dialer0 5060

Do you have another IP address available, that would make things really easy. Otherwise well you will need to configure that range (with an excell sheet is not that difficult)

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Manuel Nin · ‎01-24-2014

If I do it manually in the router I will need to write 10,000 Lines :S

Range: 10,000 to 20,000 :S

I had opened the port 5060

Julio Carvajal · ‎01-24-2014

Hello,

Exactly Manuel, Does not make that much sense right?

That's why a dedicated IP address will be need it.

Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Manuel Nin · ‎01-24-2014

Hablo Espanol. Soy Latino.

Carvaja, dame una ayudita hay, es que tengo una oficinita pequena y estoy configurando para tener acceso a la PBX.

Te lo agradeceria hermano.

Si quieres te habilito acceso al router por 5 Minutos para que me lo configures

Julio Carvajal · ‎01-24-2014

Hola Manuel,

Pues no hay mucho en lo que te pueda ayudar pq como te dije vas a ocupar un dispositivo que te permita hacer un NAT con rango de puertos o tener una IP dedicada.

Intenta esto:

http://evilrouters.net/2010/05/25/port-forwarding-a-range-of-ports-on-cisco-ios/

Pero lo he intentando antes sin resultados positivos

Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

cadet alain · ‎01-25-2014

Hi Julio,

For TCP port forwarding, the rotary pool feature works well, I've tested it multiple times with success but indeed for UDP I saw a lot of posts on the Internet telling about using a route-map in the static NAT entry but I could never make it work either.

Wouldn't a static NAT entry along with an access-list on the WAN interface would solve the problem of having to do multiple static PAT entries ?

Regards

Alain

Don't forget to rate helpful posts.