Solved: NAT for pbx remote registration from internet

mdehsan230564 · ‎11-01-2020

Dear Sir,

My IP-PBX ip is 192.168.10.85, I am using DDNS to reach my isp modem router. I forwarded all my traffic from isp router to cisco router isr 4331. Now I want to forward port 5060 to 192.168.10.85 from wan interface ge/0/0/1

also ports 6023 from wan interface to pbx 192.168.10.85 udp port 5060. And for RTP port ranging from udp port 10000 to 12000 to pbx 192.168.10.85. how to port forward 10000 to 12000 to 192.168.10.85. We cannot type 2000 command for between 10000 to 120000. My WAN interface getting ip from isp router through dhcp.

paul driver · ‎11-01-2020

Hello

@mdehsan230564 wrote:

Now I want to forward port 5060 to 192.168.10.85 from wan interface ge/0/0/1

also ports 6023 from wan interface to pbx 192.168.10.85 udp port 5060.

And for RTP port ranging from udp port 10000 to 12000 to pbx 192.168.10.85. how to port forward 10000 to 12000

Possibly try and test the following:

ip access-list standard 1
deny 192.168.10.85
permit 192.168.10.0

ip access-list extended 100
permit udp host 192.168.10.85 any range 10000 12000

route-map UDP-NAT permit 10
match ip address 100

ip nat inside source list 1 interface ge0/0/1
ip nat inside source static 192.168.10.85 5060 interface ge0/0/1 6023
ip nat inside source static 192.168.10.85 <isprtr> route-map UDP-NAT

or
ip nat inside source route-map UDP-NAT interface ge0/0/1

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Georg Pauwen · ‎11-01-2020

Hello,

are you talking about a UDP or TCP range ? For a TCP range, you can use a route map:

access-list 101 permit tcp any any range 10000 12000
!
route-map TCP_RANGE permit 10
match ip address 101
!
ip nat inside source static route-map TCP_RANGE interface GigabitEThernet0/0/1

If you try to NAT a UDP range, it used to be that there was no other way than to use one static entry per port, e.g.:

ip nat inside source static udp 192.168.10.85 5060 interface GigabitEthernet0/0/1 6023

However, somewhere in XE Gibraltar, the command described below was introduced:

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16-12/nat-xe-16-12-book/nat-xe-16-book_chapter_011101.html.xml

paul driver · ‎11-01-2020