How to Configure Port Forwarding – Cisco Router
To Configure port forwarding on Cisco routers is similar to the configuration of static NAT. It is a static NAT translation with a specific TCP or UDP port number.
The figure above shows an example to configure port forwarding using Cisco IOS commands on router R2, 192.168.11.100 is the inside local IPv4 address of the webserver.
The listening port of the webserver is port 80. The administrator wants to access this internal webserver from an external network using the global IP address 202.128.54.1 a globally unique public IPv4 address.
It is the address of the g0/1 interface of R2. The global port is configured as 8080 which will be the destination port used, along with the global IPv4 address of 202.128.54.1 to access the internal webserver. The command syntax to configure port forwarding is the following:
Router(config)#Ip nat inside source {static (tcp|udp) local-ip local-port global-ip global-port} [extendable]
TCP or UDP – This parameter showing that the port belongs to TCP or UDP
Local-IP – This is the IPv4 address to the host inside the local network.
Local Port– This is the port of the local host in a range of 1-65535.
Global-IP – This is the IPv4 address of the inside host globally unique. The outside clients will use this IP to reach the internal host.
Global-port – This is the global TCP/UDP port in the range from 1-65535. This is the port number the outside client will use to reach the internal server.
Extendable – The extendable option is applied automatically. This keyword allows the user to configure ambiguous static translation. It extends the static translation to more than one port if necessary
When we want to use a port other than well-known ports, the client must specify the port number in the web request. Like the simple static or dynamic NAT configuration, we should configure port forwarding for both the inside and outside NAT interfaces. To configure port forwarding on R1, the commands are:
- R2(config)#ip nat inside source static tcp 192.168.11.100 80 202.128.54.1 8080
- R2(config)interface g0/0
- R2(config-if)ip nat inside
- R2(config-if)exit
- R2(config)interface s0/0/0.101
- R2(config-if)ip nat outside
Port forwarding verification
Similar to static NAT verification we can also verify the port forwarding configuration using, the “show ip nat translations” command. The below image illustrates the output of this command.
When the router receives the packet with the inside global IPv4 address of 202.128.54.1 including TCP destination port 8080, the lookup the NAT table using the destination IPv4 address and destination port as the key and translates the address to the inside local address of host 192.168.11.100 including the destination port 80. R2 then forwards the packet to the webserver. When webserver replies the packets back to the client, this process is reversed.
June 22, 2021 @ 9:52 pm
Is it possible that there is a typo in this on the line that reads:
R1(config)#ip nat inside source static tcp 192.168.11.100 80 202.128.54.1 8080
Should it not say R2?
Thanks,
Phillip
June 24, 2021 @ 10:16 am
Hi
Yes it is, thanks a lot for the correction and visiting this site. It was a typing mistake. Thanks again and stay with us for more useful collaboration.
September 24, 2022 @ 11:29 pm
Why ip on int gi 0/0 r2 and web server are different subnet?