«

I need to NAT a range of ports from a public IP to a private IP. I
typically use the form:

ip nat inside source static tcp i1.i2.i3.i4 22 p1.p2.p3.p4 22 extendable


I could make quite a few of these statements and have it work, but I want to
specify a range of ports. Does anyone know the syntax to do this?

_________________________________
Todd Bennett
BennTech

On 31 Mar, 19:12, "Todd Bennett" <tabennett(nospam)@benntech.net>
wrote:
> I need to NAT a range of ports from a public IP to a private IP. *I
> typically use the form:
>
> ip nat inside source static tcp i1.i2.i3.i4 22 p1.p2.p3.p4 22 extendable
>
> I could make quite a few of these statements and have it work, but I want to
> specify a range of ports. *Does anyone know the syntax to do this?

I have not needed to do this and have not researched it
however I don't believe that this is available.

If your lists are complex perhaps you might manage them
in Excel and copy paste into the router.

Such a facility is available for address ranges but not
as far as I know for port ranges.

Thank you for your reply. I may have gotten a solution from another source.
I'm not yet sure if this will work until I test it.

To permit a range through the firewall:
access-list 120 permit <tcp/udp> any any range 10000 20000
int <outside interface>
ip access-group 120 in

To NAT the range of ports:
ip nat inside source static 1.1.1.1 2.2.2.2 route-map NAME extendable
access-list 130 permit tcp any any range 10000 20000
route-map NAME permit 10
match ip address 130

_________________________________
Todd Bennett
BennTech

"bod43" <> wrote in message
news:c8b45c2b-bcb1-4439-8c38-...
On 31 Mar, 19:12, "Todd Bennett" <tabennett(nospam)@benntech.net>
wrote:
> I need to NAT a range of ports from a public IP to a private IP. I
> typically use the form:
>
> ip nat inside source static tcp i1.i2.i3.i4 22 p1.p2.p3.p4 22 extendable
>
> I could make quite a few of these statements and have it work, but I want
> to
> specify a range of ports. Does anyone know the syntax to do this?

I have not needed to do this and have not researched it
however I don't believe that this is available.

If your lists are complex perhaps you might manage them
in Excel and copy paste into the router.

Such a facility is available for address ranges but not
as far as I know for port ranges.