Cisco 867 forward UDP port range

Tags: cisco, cisco-commands, nat

I need to forward a UDP port range to a specific private IP address in my LAN.

In order to forward one port to an internal IP I do:

access-list <acc_list_number> permit <port_type> any any eq <port_number>
ip nat inside source static <port_type> <internal_IP> <port_number> interface <outside_interface> <port_number>

However, I run into problems when I need to forward a range of ports, such as UDP 40000-42000 to a single internal IP.

I tried this command:

ip nat pool voice 192.168.0.50 192.168.0.50 netmask 255.255.255.0 type rotary
access-list 102 permit udp any any range 40000 42000
ip nat inside destination list 102 pool voice

But it seems to only work with TCP ports and not UDP ones.

What's the best way to forward a UDP port range?

Best Answer

Try

ip nat inside source static <internal_IP> <external_IP> route-map MOO
!
route-map MOO permit 100
  match ip address 102
route-map MOO deny 200
!

I feel your own example probably should work, at least I couldn't immediately think of why not, so it might be a bug.

Review the CCO document for the command, namely:

Only IP hosts that are part of the route-map configuration will allow outside sessions.
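
An added example (not part of the original question or answer): a small Python check that parses numbered ACL lines of the form used on this page and lists which destination ports they permit, so ACL 102 can be verified before it is bound to a NAT rule. It handles only `any any` entries with `eq` or `range`; the function names and ACL 110 in the sample are constructed for illustration.

```python
import re

# Handles only the entry forms shown on this page:
#   access-list <n> permit|deny <proto> any any [eq <p> | range <lo> <hi>]
ACL_RE = re.compile(
    r"access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\w+)"
    r"\s+any\s+any(?:\s+(?:eq\s+(?P<eq>\d+)|range\s+(?P<lo>\d+)\s+(?P<hi>\d+)))?$"
)

# Constructed sample: ACL 102 is the one from the question, ACL 110 is made up.
SAMPLE_CONFIG = """\
access-list 102 permit udp any any range 40000 42000
access-list 110 permit udp any any eq 5060
"""

def parse_acl(config, number):
    """Return the ordered (action, proto, lo, hi) entries of one numbered ACL."""
    entries = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line.startswith(f"access-list {number} "):
            continue
        m = ACL_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        if m["eq"]:
            lo = hi = int(m["eq"])
        elif m["lo"]:
            lo, hi = int(m["lo"]), int(m["hi"])
        else:
            lo, hi = 0, 65535  # no port operator: all ports of that protocol
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range in: {line!r}")
        entries.append((m["action"], m["proto"], lo, hi))
    return entries

def acl_action(entries, proto, dport):
    """First matching entry wins; a packet matching nothing is denied."""
    for action, e_proto, lo, hi in entries:
        if e_proto in ("ip", proto) and lo <= dport <= hi:
            return action
    return "deny"  # implicit deny at the end of every ACL

def permitted_ports(entries, proto):
    """All destination ports the ACL permits for the given protocol."""
    return [p for p in range(65536) if acl_action(entries, proto, p) == "permit"]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_CONFIG, 102)
    udp = permitted_ports(acl, "udp")
    print(f"udp: {len(udp)} ports ({udp[0]}-{udp[-1]}), tcp: {len(permitted_ports(acl, 'tcp'))}")
```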