Cisco IOS NAT Port Forwarding

NAT port forwarding is typically used to allow remote hosts to connect to a host or server on our private LAN. A host on the outside (for example on the Internet) will connect to the outside IP address of a router that is configured for NAT. This NAT router will forward traffic to host on the inside. Here’s an example:


Above we have three routers, we’ll use these to demonstrate NAT port forwarding. Imagine R1 is a HTTP server on our LAN and R3 is some host on the Internet that wants to reach our HTTP server. R2 will make sure that the HTTP server is reachable on an IP address on the outside. Let’s take a look at the configuration…


First we will configure a static route on R1 so it knows how to reach the outside world:

R1(config)#ip route

Now we can worry about the NAT commands. Let’s configure the inside and outside interfaces:

R2(config)#interface FastEthernet 0/0
R2(config-if)#ip nat inside

R2(config)#interface FastEthernet 1/0
R2(config-if)#ip nat outside

Now we can try some different NAT rules.

Port forwarding using the outside IP address

We will start with the most common scenario. When someone connects to TCP port 80 on the outside interface of R2 then it should be forwarded to R1. Here’s how to do it:

R2(config)#ip nat inside source static tcp 80 80 extendable

The NAT rule above is pretty straight forward. Whenever someone tries to connect on TCP port 80 with destination IP address then it will be forwarded to Let’s see if it works:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 739 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

542 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,

Forum Replies

  1. Hi Rene

    Can you please tell me why we use keyword extendable in nat forwarding, what will happens if we do not use that keyword?

  2. Hi Boris,

    You need extendable if you map an inside address to multiple outside IP addresses, like this:

    ip nat inside source static extendable
    ip nat inside source static extendable

    Where is the inside address and / are outside addresses. Cisco IOS will add the keyword automatically.

    You also need it for port forwarding where you use the same inside and outside addresses for different port numbers:

    ip nat inside source static tcp 80 80 extendable
    ip nat inside source static
    ... Continue reading in our forum

  3. Hi Rene

    Can we use maybe route map if we need open more ports for one IP address, what is very often case for CCTV.


  4. Hi Molenaar, why in the image i see Fa1/0 and the saved configuration we have FastEthernet0/1, could it be a typo?

  5. Testing static NAT and saw some behavior that confused me. In my setup, R5 is the router in the middle doing NAT. I am trying to telnet from R4 which is directly connected to R5 on network to another router R8 which is also directly connected to R5 on the subnet
    In one configuration where I put R4 on the outside interface, telnet works but when I swapped the configuration so that R4 is on the inside interface, it didn’t work. R4 is going to do “telnet 8023” in both scenarios. The only place I am changing the configuratio

    ... Continue reading in our forum

16 more replies! Ask a question or join the discussion by visiting our Community Forum