Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2084
Views
1
Helpful
2
Replies

How to forward a range of ports on Cisco 881?

CSCO12712564
Level 1
Level 1

ā€Ž04-20-2016 02:05 AM - edited ā€Ž03-08-2019 05:25 AM

Hello.

We have 3 sites with SIP server in one office and VoIP phones with internal numbers in other two. We've got a little problem with Asterisk server in our local network. Company, who set it up, says, that we need 5060 and 10000-20000 ports forwarded from Internet to this server. I also heard, that on Cisco IOS we can just forward 5060 port, and the router could forward right RTP ports for us. But it wasn't work. Phones in central site (with Asterisk server) worked, but in two other offices people can't hear anything. Also i tried to turn off that feature (no ip nat service sip port 5060). Same result. I also tried this construction :

ip nat pool POOL1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 type rotary

ip nat inside destination list 101 pool POOL1

access-list 101 permit tcp any any range 10000 20000

But i've got the same result. I came into despair and tried to forward those damn ports with static entries, just like they binded on VoIP phones. With some success, two offices can normally have a conversations, but in one office people can hear a voice, but we can't hear them.

My question is, how on Cisco router can we forward a range of ports to internal IP?

I attached config of Cisco 881 (gateway in office with SIP server) to clarify this situation.

Labels:
Preview file
9 KB
0 Helpful
2 Replies 2

Mark Malone
VIP Alumni
VIP Alumni

ā€Ž04-20-2016 02:39 AM

Maybe something like this

ip nat inside source list 110 interface dialer1 overload

access-list 110 permit ip 192.168.1.0 0.0.0.255 any

access-list 110 permit tcp host 192.168.1.36 any range 10000 11800

CSCO12712564
Level 1
Level 1
In response to Mark Malone

ā€Ž04-20-2016 03:12 AM

ip nat inside source list 110 interface dialer1 overload

access-list 110 permit ip 192.168.1.0 0.0.0.255 any

access-list 110 permit tcp host 192.168.1.36 any range 10000 11800

I think your advice is to give access from host to Internet. And first line in this ACL will give all access to all hosts in subnet 192.168.1.0.  Our mission is to give access from internet to host, on ports 5060 and 10000-20000. Another words, for the Internet host will be available on ports:

205.33.185.35:5506

205.33.185.35:10001

205.33.185.35:11800

And when we try to give access on port 10001 to address 205.33.185.35 we'll go to the host 192.168.1.36:10001

With your solution, for the Internet, when we try get access to port 10001, we will go to the router, with te external address 205.33.185.35. It will not work with Asterisk server.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card