cbillips

Can I use IP Nat Source command with multiple port numbers

Here is the problem,

I have a server behind a Cisco 7206 router.  I'm using the Cisco NAT static command to map outside ports to an internal server.  This particular server must expose a range of ports to the internet, let's say ports 1024 thru 2048.

I know that I can use the following command to do this one port at a time:

ip nat inside source static tcp "inside_ip" 1024 "outside_ip" 1024 extendable
ip nat inside source static tcp "inside_ip" 1025 "outside_ip" 1025 extendable
etc..........

This works fine and I understand how NAT works, but what a pain to enter 1000 CLI entries.  Is there any way to use a range of ports?
JFrederick29

Unfortunately there is not...

What you can do though is get a separate public IP address and do a "one to one" NAT instead.  This will forward all ports to the inside server.  You could then use ACL entries to restrict the range of ports destined to the inside server.
ASKER CERTIFIED SOLUTION
Les Moore
cbillips

ASKER

Ok, I get what you're saying.  One last question.  How do I assign multiple IPs to my outside Serial interface?  I've got one assigned, let's call it 69.43.62.xx.  My ISP has given me a routeable block, so I need to use a number of the block.  Let's say one of the IPs I'll pick is 69.43.39.xx.

I'll use the 69.43.62.xx to do my one to one static translations to an inside IP address, let's say 192.168.4.10.

Now I need to use 69.43.39.xx to map the port range for translation.  Can you guys give me an example of this?
> How do I assign multiple IP's to my outside Serial interface?
Two different ways..
1) Assuming you already have an IP address on the interface, and the ISP gave you a "routeable block" in addition to the serial IP that you already have, then you just use the IPs of the block in your static NAT maps.
2) By simply assigning one IP of the routeable block to the serial IP and using the appropriate mask, then the rest of that block is still available to be natted.

Here's what I would do:
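  ! Outside interface: the address below is the one assigned by the ISP
  interface serial 0/0
    ip address 69.43.62.2 255.255.255.252
    ip access-group 110 in
    ip nat outside

  interface fast0/0
    ip address 192.168.4.1 255.255.255.0
    ip nat inside

  ! One-to-one static NAT: every port on the public address maps to the inside server
  ip nat inside source static 192.168.4.10 69.43.39.x
  ! Permit only TCP 1024-2048 to the public address; the implicit deny at the end
  ! of ACL 110 drops all other traffic inbound on serial 0/0
  access-list 110 permit tcp any host 69.43.39.x range 1024 2048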
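
An added example, not part of the original thread: a small Python model of the extended ACL above, to check which TCP ports a one-to-one NAT address actually exposes once the ACL is applied. The address 203.0.113.10 is a constructed placeholder for the elided public IP, and the parser covers only the `tcp any host ... [eq | range]` form used in this thread.

```python
import ipaddress

# Constructed placeholder (documentation range); the thread elides the real address.
PUBLIC_IP = "203.0.113.10"
ACL_110 = f"access-list 110 permit tcp any host {PUBLIC_IP} range 1024 2048"

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp any host IP [eq P | range LO HI]'."""
    tok = line.split()
    if (len(tok) < 7 or tok[0] != "access-list" or tok[2] not in ("permit", "deny")
            or tok[3:6] != ["tcp", "any", "host"]):
        raise ValueError(f"unsupported ACE: {line!r}")
    dst, rest = ipaddress.ip_address(tok[6]), tok[7:]
    if not rest:
        lo, hi = 0, 65535                      # no port operator: all ports
    elif rest[0] == "eq" and len(rest) == 2:
        lo = hi = int(rest[1])
    elif rest[0] == "range" and len(rest) == 3:
        lo, hi = int(rest[1]), int(rest[2])    # two space-separated bounds
    else:
        raise ValueError(f"bad port operator in: {line!r}")
    return tok[2] == "permit", dst, lo, hi

def acl_permits(aces, dst_ip, dst_port):
    """First matching entry wins; no match means the implicit deny applies."""
    dst = ipaddress.ip_address(dst_ip)
    for permit, ace_dst, lo, hi in aces:
        if dst == ace_dst and lo <= dst_port <= hi:
            return permit
    return False

def exposed_ports(acl_text, dst_ip):
    """Return every TCP port the ACL lets through to dst_ip."""
    aces = [parse_ace(l) for l in acl_text.splitlines() if l.strip()]
    return [p for p in range(65536) if acl_permits(aces, dst_ip, p)]

if __name__ == "__main__":
    ports = exposed_ports(ACL_110, PUBLIC_IP)
    print(f"{len(ports)} ports exposed: {ports[0]}-{ports[-1]}")
```

Running the same check against a saved copy of the router's ACL after each change confirms that the one-to-one mapping has not opened more than the intended range.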