ip nat inside source static 192.168.1.10 10.10.10.9 route-map RANGE
!
route-map RANGE permit 100
match ip address 102
!
access-list 102 permit tcp host 192.168.1.10 range 3000 3389 any
The configuration does not seem to work; it just creates a one-to-one static NAT…
Does anyone know how to open a range of ports?
I have multiple external IPs and would like to open the same ports for multiple hosts using multiple external IPs, and because of that the rotary method does not work.
Best Answer
(EDIT)
It seems that inside->outside works as expected, as seen in the answer below, but outside->inside actually does not; it allows everything, as OP suggested.
After adding 'reversible' to the NAT line, it starts to honor the route-map for outside->inside; unfortunately, it does not seem to work with ports:
At '194.100.7.226' I'm doing 'telnet 91.198.120.222 80', that is, my source is 194.100.7.226:ephemeral and my destination is 91.198.120.222:80. As example #1 works, we can conclude that reversible actually 'reverses' the ACL, so that it works in the same manner in both directions, which makes sense.
When the connection matches but does not work, in the 'deny any any log-input' line I get this:
So it really seems like the L4 protocol type is carried, but ports are not carried during the NAT reversal. So outside->inside ranges do not work.
As suggested in the question 'Cisco 867 forward UDP port range', this works for outside->inside:
It's a bit ghetto, I feel, as you don't have good control over the outside IP. The pool is the inside IP; the outside IP is the router's outside IP.
Original answer of inside->outside working with ports:
@91.198.120.2 I'm doing:
At testhost I can observe:
Tested on:
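
Added example (not part of the original question or answer): a small Python audit that flags static NAT lines whose route-map ACL will not restrict inbound traffic the way the config suggests, based on the behaviour reported in the answer above. The sample config is constructed (the second NAT line, `RANGE2` and ACL 103 are hypothetical), and only numbered ACLs are handled.

```python
import re

# Constructed sample: the question's snippet plus a hypothetical 'reversible' entry.
SAMPLE = """\
ip nat inside source static 192.168.1.10 10.10.10.9 route-map RANGE
ip nat inside source static 192.168.1.11 10.10.10.10 route-map RANGE2 reversible
!
route-map RANGE permit 100
 match ip address 102
route-map RANGE2 permit 100
 match ip address 103
!
access-list 102 permit tcp host 192.168.1.10 range 3000 3389 any
access-list 103 permit tcp host 192.168.1.11 eq 443 any
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+) route-map (\S+)( reversible)?\s*$")
PORT_OPS = re.compile(r"\b(range|eq|gt|lt|neq)\b")  # L4 port operators in an ACL entry

def audit(config):
    """Return (global_ip, local_ip, issue) for NAT entries that over-expose a host."""
    rmap_acl, acl_lines, nats = {}, {}, []
    current = None  # route-map whose 'match' lines are being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            nats.append(m.groups())
        elif line.startswith("route-map "):
            current = line.split()[1]
        elif line.startswith("match ip address ") and current:
            rmap_acl.setdefault(current, []).extend(line.split()[3:])
        elif line.startswith("access-list "):  # assumption: numbered ACLs only
            acl_lines.setdefault(line.split()[1], []).append(line)
    findings = []
    for local, glob, rmap, rev in nats:
        uses_ports = any(PORT_OPS.search(l) for a in rmap_acl.get(rmap, [])
                         for l in acl_lines.get(a, []))
        if not rev:  # per the answer: outside->inside "allows everything"
            findings.append((glob, local, "route-map-ignored-inbound"))
        elif uses_ports:  # per the answer: ports are not carried in the reversal
            findings.append((glob, local, "ports-ignored-inbound"))
    return findings

if __name__ == "__main__":
    for glob, local, issue in audit(SAMPLE):
        print(f"{glob} -> {local}: {issue}")
```
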