Get Unlimited Access to 812 Cisco Lessons Now Get $1 Trial
You are here: Home » Cisco » CCIE Enterprise Infrastructure

Cisco IOS NAT Port Forwarding

NAT port forwarding is typically used to allow remote hosts to connect to a host or server on our private LAN. A host on the outside (for example on the Internet) will connect to the outside IP address of a router that is configured for NAT. This NAT router will forward traffic to host on the inside. Here’s an example:

NAT Port Forwarding INSIDE OUTSIDE

Above we have three routers, we’ll use these to demonstrate NAT port forwarding. Imagine R1 is a HTTP server on our LAN and R3 is some host on the Internet that wants to reach our HTTP server. R2 will make sure that the HTTP server is reachable on an IP address on the outside. Let’s take a look at the configuration…

Configuration

First we will configure a static route on R1 so it knows how to reach the outside world:

R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2

Now we can worry about the NAT commands. Let’s configure the inside and outside interfaces:

R2(config)#interface FastEthernet 0/0
R2(config-if)#ip nat inside

R2(config)#interface FastEthernet 1/0
R2(config-if)#ip nat outside

Now we can try some different NAT rules.

Port forwarding using the outside IP address

We will start with the most common scenario. When someone connects to TCP port 80 on the outside interface of R2 then it should be forwarded to R1. Here’s how to do it:

R2(config)#ip nat inside source static tcp 192.168.12.1 80 192.168.23.2 80 extendable

The NAT rule above is pretty straight forward. Whenever someone tries to connect on TCP port 80 with destination IP address 192.168.23.2 then it will be forwarded to 192.168.12.1. Let’s see if it works:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 812 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
Give Membership a try - it's just $1 ►
331 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags: , ,

Forum Replies

  1. Hi Rene

    Can you please tell me why we use keyword extendable in nat forwarding, what will happens if we do not use that keyword?

  2. Hi Boris,

    You need extendable if you map an inside address to multiple outside IP addresses, like this:

    ip nat inside source static 192.168.1.1 1.2.3.4 extendable
ip nat inside source static 192.168.1.1 5.6.7.8 extendable

    Where 192.168.1.1 is the inside address and 1.2.3.5 / 5.6.7.8 are outside addresses. Cisco IOS will add the keyword automatically.

    You also need it for port forwarding where you use the same inside and outside addresses for different port numbers:

    ip nat inside source static tcp 192.168.1.1 80 1.2.3.4 80 extendable
ip nat inside source static
    ... Continue reading in our forum

  3. Hi Rene

    Can we use maybe route map if we need open more ports for one IP address, what is very often case for CCTV.

    Regards

  4. Hi Boris,

    No need for a route-map, you can repeat this command as often as you need:

    ip nat inside source static tcp 192.168.12.1 80 192.168.23.2 80 extendable

    Just change the ports required and that’s it.

    Rene

  5. Hi,

    What if I want to do static nat for multiple web servers. Let us say, we have 3 web servers with private IP address that i want to connect from a public IP. How can we do that as the port number is used once only?

    Thank you for your support.

    Akram

33 more replies! Ask a question or join the discussion by visiting our Community Forum