Do not even attempt to use this in a production environment. It worked up until it didn’t work at all. The way round it in the end was of course to use 1 to 1 mappings for the 2 internal devices, but of course you need something bigger than a /30 to do this. Lesson learned, it’s all in the planning.
Just to make something clear. I hate NAT. It is rubbish and anyone who thinks of it fondly is obviously retarded. One thing is for sure though, it will be with us for quite some time. However, back to the post. So the issue was I had a requirement to forward a range of ports on to 2 different internal devices, and even though I know Cisco devices generally inside out, this made me stop and think for a minute. Hmmm… how do I do this in IOS? As Jeremy states in his post below, many forums say oh you can’t, it’s impossible, blah, blah, blah. Well, it’s not, and it’s also not hard. You don’t need 3k separate entries, as that would be awful and ugly.
A basic NAT inside/outside setup is assumed. This is what we need for the port forwards. Job done.
ip nat pool PortFwd_10.10.10.2 10.10.10.2 10.10.10.2 netmask 255.255.255.0 type rotary
ip nat pool PortFwd_10.10.10.10 10.10.10.10 10.10.10.10 netmask 255.255.255.0 type rotary
ip nat inside destination list VoIP_10.10.10.2 pool PortFwd_10.10.10.2
ip nat inside destination list VoIP_10.10.10.10 pool PortFwd_10.10.10.10
ip access-list extended VoIP_10.10.10.2
 permit udp any any range 7000 7331
 permit udp any any eq 5060
 permit udp any any eq 5588
 permit udp any any eq 6254
 permit tcp any any eq 7878
 permit tcp any any eq 8899
 permit tcp any any eq 8081
ip access-list extended VoIP_10.10.10.10
 permit udp any any range 6000 6095
 permit udp any any range 8000 8095
 permit udp any any range 9000 9095
 permit udp any any range 9200 9247
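The following Python script is an added example, not part of the original post: it parses the configuration above, reports which inside device a given protocol/port is forwarded to, counts how many ports each device exposes to the outside, and flags port spans claimed by the lists of both devices. It handles only the `permit <proto> any any eq|range` entry shape used here, and the function names are illustrative.

```python
CONFIG = """\
ip nat pool PortFwd_10.10.10.2 10.10.10.2 10.10.10.2 netmask 255.255.255.0 type rotary
ip nat pool PortFwd_10.10.10.10 10.10.10.10 10.10.10.10 netmask 255.255.255.0 type rotary
ip nat inside destination list VoIP_10.10.10.2 pool PortFwd_10.10.10.2
ip nat inside destination list VoIP_10.10.10.10 pool PortFwd_10.10.10.10
ip access-list extended VoIP_10.10.10.2
 permit udp any any range 7000 7331
 permit udp any any eq 5060
 permit udp any any eq 5588
 permit udp any any eq 6254
 permit tcp any any eq 7878
 permit tcp any any eq 8899
 permit tcp any any eq 8081
ip access-list extended VoIP_10.10.10.10
 permit udp any any range 6000 6095
 permit udp any any range 8000 8095
 permit udp any any range 9000 9095
 permit udp any any range 9200 9247
"""

def parse(config):
    """Return {inside_host: [(proto, low, high)]}; only the page's entry shapes."""
    pools, binds, acls, cur = {}, {}, {}, None
    for t in (line.split() for line in config.splitlines()):
        if t[:3] == ["ip", "nat", "pool"]:
            pools[t[3]] = t[4]                      # pool name -> inside address
        elif t[:5] == ["ip", "nat", "inside", "destination", "list"]:
            binds[t[5]] = t[7]                      # ACL name -> pool name
        elif t[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(t[3], [])
        elif t[:1] == ["permit"] and cur is not None:
            cur.append((t[1], int(t[5]), int(t[6] if t[4] == "range" else t[5])))
    return {pools[binds[name]]: rules for name, rules in acls.items()}

def targets(fwd, proto, port):
    """Inside hosts that inbound traffic to proto/port is forwarded to."""
    return [h for h, rules in fwd.items()
            if any(p == proto and lo <= port <= hi for p, lo, hi in rules)]

def exposed(fwd):
    """Number of forwarded ports per inside host (its inbound exposure)."""
    return {h: sum(hi - lo + 1 for _, lo, hi in rules) for h, rules in fwd.items()}

def overlaps(fwd):
    """Port spans of the same protocol matched by the lists of two different hosts."""
    flat = [(h, *r) for h, rules in fwd.items() for r in rules]
    return [(a[0], b[0], a[1], max(a[2], b[2]), min(a[3], b[3]))
            for i, a in enumerate(flat) for b in flat[i + 1:]
            if a[0] != b[0] and a[1] == b[1] and max(a[2], b[2]) <= min(a[3], b[3])]
```

Running `overlaps(parse(CONFIG))` before applying a change to either access list shows whether a new range collides with one already forwarded to the other device.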
Thanks to Jeremy via: