How to Configure Port Forwarding – Cisco Router

Configuring port forwarding on Cisco routers is similar to configuring static NAT. It is a static NAT translation with a specific TCP or UDP port number.

[Figure: configure port forwarding]

The figure above shows an example of configuring port forwarding using Cisco IOS commands on router R2, is the inside local IPv4 address of the webserver.

The listening port of the webserver is port 80. The administrator wants to access this internal webserver from an external network using the global IP address a globally unique public IPv4 address.

It is the address of the g0/1 interface of R2. The global port is configured as 8080, which will be the destination port used, along with the global IPv4 address of to access the internal webserver. The command syntax to configure port forwarding is the following:

Router(config)# ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]

TCP or UDP – This parameter indicates whether the port is a TCP or a UDP port.

Local-IP – This is the IPv4 address of the host inside the local network.

Local-port – This is the port on the local host, in the range 1-65535.

Global-IP – This is the globally unique IPv4 address of the inside host. The outside clients will use this IP to reach the internal host.

Global-port – This is the global TCP/UDP port, in the range 1-65535. This is the port number the outside client will use to reach the internal server.

Extendable – The extendable option is applied automatically. This keyword allows the user to configure ambiguous static translations. It extends the static translation to more than one port if necessary.

When we use a port other than the well-known port, the client must specify the port number in the web request. As with a simple static or dynamic NAT configuration, we must also designate the inside and outside NAT interfaces. To configure port forwarding on R1, the commands are:

  • R2(config)#ip nat inside source static tcp 80 8080
  • R2(config)#interface g0/0
  • R2(config-if)#ip nat inside
  • R2(config-if)#exit
  • R2(config)#interface s0/0/0.101
  • R2(config-if)#ip nat outside

Port forwarding verification

As with static NAT verification, we can verify the port forwarding configuration using the "show ip nat translations" command. The image below illustrates the output of this command.

[Figure: output of the "show ip nat translations" command]

When the router receives a packet with the inside global IPv4 address of including TCP destination port 8080, it looks up the NAT table using the destination IPv4 address and destination port as the key and translates the address to the inside local address of host including the destination port 80. R2 then forwards the packet to the webserver. When the webserver sends reply packets back to the client, this process is reversed.
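The following Python script is an added example, not part of the original article. It reviews a saved configuration for the command syntax above: it extracts each static port forward, checks that both NAT interface roles are set, and reproduces the destination lookup just described. The sample configuration, its addresses (RFC 1918 / RFC 5737 ranges) and the `REVIEW_PORTS` list are assumptions made for illustration.

```python
import re

# Constructed sample config; addresses are placeholders, not the article's.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat inside
interface Serial0/0/0.101
 ip nat outside
ip nat inside source static tcp 192.168.10.254 80 203.0.113.2 8080
ip nat inside source static tcp 192.168.10.50 23 203.0.113.2 2323 extendable
"""

FORWARD_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)(?: extendable)?[ \t]*$",
    re.MULTILINE)
# Hypothetical review list: cleartext or remote-admin services.
REVIEW_PORTS = {21: "ftp", 23: "telnet", 3389: "rdp"}

def parse_forwards(config):
    """Return {(proto, global_ip, global_port): (local_ip, local_port)}."""
    table = {}
    for proto, lip, lport, gip, gport in FORWARD_RE.findall(config):
        table[(proto, gip, int(gport))] = (lip, int(lport))
    return table

def nat_roles(config):
    """Map each interface to 'inside'/'outside' from its 'ip nat' line."""
    roles, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and line.strip() in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles

def audit(config):
    """List findings a reviewer should look at before approving the config."""
    findings = []
    roles = set(nat_roles(config).values())
    for needed in ("inside", "outside"):
        if needed not in roles:
            findings.append(f"no interface marked 'ip nat {needed}'")
    for (proto, gip, gport), (lip, lport) in parse_forwards(config).items():
        if lport in REVIEW_PORTS:
            findings.append(f"{gip}:{gport}/{proto} exposes {REVIEW_PORTS[lport]} on {lip}:{lport}")
    return findings

def translate_inbound(table, proto, dst_ip, dst_port):
    """Destination lookup the router performs; None means no static entry."""
    return table.get((proto, dst_ip, dst_port))
```

Calling `audit()` on a saved running configuration returns an empty list when both interface roles are present and no forwarded local port is on the review list.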