How to Configure Port Forwarding – Cisco Router
Configuring port forwarding on Cisco routers is similar to configuring static NAT. It is a static NAT translation with a specific TCP or UDP port number.
The figure above shows an example of configuring port forwarding using Cisco IOS commands on router R2. 192.168.11.100 is the web server’s inside local IPv4 address.
The web server's listening port is 80. The administrator wants to access this internal web server from an external network using the global IP address 202.128.54.1, a globally unique public IPv4 address.
It is the address of the g0/1 interface of R2. The global port is configured as 8080; outside clients use this destination port, together with the global IPv4 address 202.128.54.1, to reach the internal web server. The command syntax to configure port forwarding is the following:
Router(config)#ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]
tcp or udp – This parameter specifies whether the port is a TCP or a UDP port.
local-ip – The IPv4 address of the host inside the local network.
local-port – The port of the local host, in the range 1-65535.
global-ip – The inside host's globally unique IPv4 address. Outside clients use this IP address to reach the internal host.
global-port – The global TCP/UDP port, between 1 and 65535. It is the port number the outside client uses to reach the internal server.
extendable – The extendable option is applied automatically. This keyword allows the user to configure ambiguous static translations. It extends the static translation to more than one port if necessary.
When we want to use a port other than a well-known port, the client must specify the port number in the web request. As with simple static or dynamic NAT, port forwarding also requires the inside and outside NAT interfaces to be configured. To configure port forwarding on R2, the commands are:
- R2(config)#ip nat inside source static tcp 192.168.11.100 80 202.128.54.1 8080
- R2(config)#interface g0/0
- R2(config-if)#ip nat inside
- R2(config-if)#exit
- R2(config)#interface s0/0/0.101
- R2(config-if)#ip nat outside
Port forwarding verification
Similar to static NAT verification, we can also verify the port forwarding configuration using the “show ip nat translations” command. The image below illustrates the output of this command.
When the router receives the packet with the inside global IPv4 address of 202.128.54.1, including TCP destination port 8080, it looks up the NAT table using the destination IPv4 address and destination port as the key. It translates the address to the inside local address of the host 192.168.11.100, including the destination port 80.
R2 then forwards the packet to the web server. When the web server sends reply packets back to the client, this process is reversed.
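Every static port forward is a service reachable from outside, so it is worth inventorying them from the configuration as well as from the translation table. The following Python script is an added example, not part of the original article or any Cisco tooling: it lists each forward written in the syntax above and flags a global address/port mapped to two inside hosts, out-of-range ports, and a missing inside or outside NAT interface. The names `audit` and `SAMPLE_CONFIG` are hypothetical, and only the literal-address form shown on this page is parsed.

```python
import re

# Constructed sample input: the R2 configuration built from this page's commands.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat inside
interface Serial0/0/0.101
 ip nat outside
ip nat inside source static tcp 192.168.11.100 80 202.128.54.1 8080
"""

# Matches only the literal-address form of the command shown on this page.
RULE = re.compile(r"ip nat inside source static (tcp|udp) "
                  r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)( extendable)?$")

def audit(config):
    """Return (forwards, findings) for IOS configuration text."""
    forwards, findings, roles, seen = [], [], set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("ip nat inside", "ip nat outside"):
            roles.add(line.split()[-1])          # an interface carries this NAT role
            continue
        m = RULE.match(line)
        if not m:
            continue
        proto, local_ip, global_ip = m.group(1), m.group(2), m.group(4)
        local_port, global_port = int(m.group(3)), int(m.group(5))
        if not all(1 <= p <= 65535 for p in (local_port, global_port)):
            findings.append(f"port out of range: {line}")
            continue
        key = (proto, global_ip, global_port)    # what an outside client targets
        target = (local_ip, local_port)          # where the router sends it
        if seen.get(key, target) != target:
            findings.append(f"{proto} {global_ip}:{global_port} maps to two inside hosts")
        seen[key] = target
        forwards.append(key + target)
    for role in ("inside", "outside"):
        if forwards and role not in roles:
            findings.append(f"no interface has 'ip nat {role}'")
    return forwards, findings

if __name__ == "__main__":
    for proto, gip, gport, lip, lport in audit(SAMPLE_CONFIG)[0]:
        print(f"exposed: {proto} {gip}:{gport} -> {lip}:{lport}")
```
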