Port Forwarding Configuration – Cisco Router

The port forwarding configuration on Cisco routers is similar to the configuration of static NAT. It is a static NAT translation with a specific TCP or UDP port number.

[Figure: port forwarding configuration]

The figure above shows an example port forwarding configuration using Cisco IOS commands on router R2. 192.168.11.100 is the inside local IPv4 address of the webserver, and the webserver listens on port 80. The administrator wants to access this internal webserver from an external network using the global IP address 202.128.54.1, a globally unique public IPv4 address.

It is the address of the g0/1 interface of R2. The global port is configured as 8080; this is the destination port used, along with the global IPv4 address 202.128.54.1, to access the internal webserver. The command syntax for port forwarding is the following:

Router(config)# ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]

TCP or UDP – This parameter indicates whether the port is a TCP or a UDP port.

Local-IP – This is the IPv4 address of the host inside the local network.

Local-port – This is the port of the local host, in the range 1-65535.

Global-IP – This is the globally unique IPv4 address of the inside host. Outside clients use this IP to reach the internal host.

Global-port – This is the global TCP/UDP port, in the range 1-65535. This is the port number the outside client uses to reach the internal server.

Extendable – The extendable option is applied automatically. This keyword allows the user to configure ambiguous static translations. It extends the static translation to more than one port if necessary.

When we use a port other than a well-known port, the client must specify the port number in the web request. Like simple static or dynamic NAT configuration, port forwarding also requires the configuration of both the inside and outside NAT interfaces. The configuration of port forwarding on R1 is:

  • R1(config)# ip nat inside source static tcp 192.168.11.100 80 202.128.54.1 8080
  • R1(config)# interface g0/0
  • R1(config-if)# ip nat inside
  • R1(config-if)# exit
  • R1(config)# interface s0/0/0.101
  • R1(config-if)# ip nat outside

Port forwarding verification

As with static NAT verification, we can verify the port forwarding configuration using the “show ip nat translations” command. The image below illustrates the output of this command.

[Figure: Port Forwarding Configuration – Cisco Router 2]

When the router receives a packet with the inside global IPv4 address 202.128.54.1 and TCP destination port 8080, it looks up the NAT table using the destination IPv4 address and destination port as the key and translates the address to the inside local address of the host, 192.168.11.100, with destination port 80. R2 then forwards the packet to the webserver. When the webserver sends reply packets back to the client, this process is reversed.
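
The lookup described above, together with the requirement that both NAT interfaces be marked, as an added Python example (not part of the original page): it parses a constructed running-config excerpt, translates in both directions, and lists every service the configuration exposes to the outside. The function names and the sample config text are assumptions made for this illustration.

```python
import re

# Constructed running-config excerpt mirroring the R1 example on this page.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat inside
!
interface Serial0/0/0.101
 ip nat outside
!
ip nat inside source static tcp 192.168.11.100 80 202.128.54.1 8080
"""

STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) "
                       r"(\S+) (\d+) (\S+) (\d+)(?: extendable)?$")

def parse_config(text):
    """Return ({(proto, global_ip, global_port): (local_ip, local_port)}, {iface: role})."""
    forwards, roles, iface = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends any interface block
            iface = line.split(None, 1)[1] if line.startswith("interface ") else None
        m = STATIC_RE.match(line)
        if m:
            proto, lip, lport, gip, gport = m.groups()
            forwards[(proto, gip, int(gport))] = (lip, int(lport))
        elif iface and line in ("ip nat inside", "ip nat outside"):
            roles[iface] = line.split()[-1]
    return forwards, roles

def translate_inbound(forwards, proto, dst_ip, dst_port):
    """Outside to inside: the key is the destination (global) address and port."""
    return forwards.get((proto, dst_ip, dst_port))

def translate_reply(forwards, proto, src_ip, src_port):
    """Inside to outside: reverse lookup on the source (local) address and port."""
    for (p, gip, gport), local in forwards.items():
        if p == proto and local == (src_ip, src_port):
            return (gip, gport)
    return None

def audit(forwards, roles):
    """List missing NAT interface roles, then every service exposed to outside."""
    out = [f"no interface marked 'ip nat {r}'"
           for r in ("inside", "outside") if r not in roles.values()]
    out += [f"exposed {p} {gip}:{gp} -> {lip}:{lp}"
            for (p, gip, gp), (lip, lp) in sorted(forwards.items())]
    return out
```

Running `audit` over a saved configuration gives a reviewer the full list of inbound port forwards to compare against the services that are meant to be reachable from outside.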