Cisco NAT range ports

This article describes how to open a range of ports from the outside to an inside server.

fa0/0 is the public interface
The public interface has IP address 222.10.10.1
fa0/1 is the LAN interface
The LAN network is 192.168.99.0/24

Create an extended ACL

R1(config)#ip access-list extended NAT_SERVER1
R1(config-ext-nacl)#permit tcp host 192.168.99.10 range 40000 60000 any
R1(config-ext-nacl)#permit udp host 192.168.99.10 range 40000 60000 any
R1(config-ext-nacl)#exit

Associate the ACL with the route-map

R1(config)#route-map NAT_SERVER1_RULES permit 10
R1(config-route-map)#match ip address NAT_SERVER1

Finally, NAT with the route-map

R1(config)#ip nat inside source static 192.168.99.10 222.10.10.1 route-map NAT_SERVER1_RULES
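
The three steps only work together when the references line up: the NAT statement names the route-map, the route-map names the ACL, and the ACL host is the inside address being translated. The Python check below is an added example, not part of the original article; it follows that chain over a constructed configuration excerpt (SAMPLE, using the server address 192.168.99.10 from the ACL) and lists which port ranges end up mapped. The function name audit_nat and its lan parameter are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the three objects from the steps above as they would
# appear in a saved configuration (typed here, not captured from a device).
SAMPLE = """\
ip access-list extended NAT_SERVER1
 permit tcp host 192.168.99.10 range 40000 60000 any
 permit udp host 192.168.99.10 range 40000 60000 any
route-map NAT_SERVER1_RULES permit 10
 match ip address NAT_SERVER1
ip nat inside source static 192.168.99.10 222.10.10.1 route-map NAT_SERVER1_RULES
"""

def audit_nat(config, lan="192.168.99.0/24"):
    """Follow NAT statement -> route-map -> ACL; return (mapped, problems)."""
    acls, rmaps, nats, current = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)$", line):
            current = acls.setdefault(m[1], [])
        elif m := re.match(r"route-map (\S+) permit \d+$", line):
            current = rmaps.setdefault(m[1], [])
        elif m := re.match(r"ip nat inside source static (\S+) (\S+) route-map (\S+)$", line):
            nats.append(m.groups())
        elif current is None:
            continue  # sub-command outside any ACL or route-map section
        elif m := re.match(r"permit (tcp|udp) host (\S+) range (\d+) (\d+) any$", line):
            current.append((m[1], m[2], int(m[3]), int(m[4])))
        elif m := re.match(r"match ip address (\S+)$", line):
            current.append(m[1])

    mapped, problems = [], []
    for inside, outside, rmap in nats:
        if ipaddress.ip_address(inside) not in ipaddress.ip_network(lan):
            problems.append(f"{inside} is not in LAN {lan}")
        if rmap not in rmaps:
            problems.append(f"route-map {rmap} is not defined")
            continue
        for acl in rmaps[rmap]:
            if acl not in acls:
                problems.append(f"ACL {acl} is not defined")
                continue
            for proto, host, low, high in acls[acl]:
                if host != inside:
                    problems.append(f"ACL {acl} matches {host}, NAT maps {inside}")
                mapped.append((outside, proto, low, high))
    return mapped, problems
```

Calling audit_nat(SAMPLE) returns the mapped (public address, protocol, low port, high port) tuples and an empty problem list when every reference resolves.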
