ip nat inside source static
NAT port-forwarding exposes a LAN service (IP address and port) to WAN users. The command creates a static translation rule, which maps a WAN port (on one or all WAN interfaces) to a LAN service.
To remove a port-forwarding rule, use the no form of the command.
Syntax
ip nat inside source static {tcp|udp} <lan-ip> <lan-port> <wan-ip> <wan-port>
ip nat inside source static {tcp|udp} <lan-ip> <lan-port> <wan-ip> range <wan-port-start> <wan-port-end>
ip nat inside source static {tcp|udp} <lan-ip> <lan-port> <if-name> <wan-port>
ip nat inside source static {tcp|udp} <lan-ip> <lan-port> <if-name> range <wan-port-start> <wan-port-end>
ip nat inside source static {tcp|udp} <lan-ip> same <wan-ip> <wan-port>
ip nat inside source static {tcp|udp} <lan-ip> same <wan-ip> range <wan-port-start> <wan-port-end>
ip nat inside source static {tcp|udp} <lan-ip> same <if-name> <wan-port>
ip nat inside source static {tcp|udp} <lan-ip> same <if-name> range <wan-port-start> <wan-port-end>
ip nat inside source static ip <lan-ip> <wan-ip>
ip nat inside source static ip <lan-ip> <if-name>
ip nat inside source static gre <lan-ip> <wan-ip>
ip nat inside source static {tcp|udp} <lan-ip> <lan-port> <wan-ip> <wan-port> same <if-name> <wan-port> match <access list name>
| Parameter | Description |
|---|---|
| tcp | Defines forwarding for a TCP port. | 
| udp | Defines forwarding for a UDP port. | 
| lan-ip | Defines the IP address of the LAN service host. |
| same | Sets the LAN port the same as the WAN port. | 
| lan-port | Defines the port number (1-65535) of the LAN service. | 
| match | Applies an access list rule to the NAT port forwarding rule. To configure an access list (ACL), use the command: (config-data)# access-list |
| wan-ip | Defines the WAN interface for this rule. Specify the IP address or 0.0.0.0 for all WAN interfaces. | 
| wan-port | Defines the port number on the WAN interface. |
| range | Performs port forwarding on a range of ports, rather than a single port. | 
| acl-name | Access-list defining the LAN hosts affected by the NAT rule. | 
| if-name | WAN interface name and index on which NAT is performed. |
| pool-name | IP address pool to be used on the WAN interface. | 
| Interface Type (if-name) | Description | Interface ID |
|---|---|---|
| gigabitethernet | GigabitEthernet interface slot and port (VLAN ID is optional) | [SLOT/PORT.VLANID] | 
| cellular | Cellular interface ID | 0/0 | 
| gre | Tunnel GRE ID | [1-255] | 
| ipip | Tunnel IPIP ID | [1-255] | 
| l2tp | L2TP ID | [0-99] | 
| pppoe | PPPoE interface ID | [1-3] | 
| pptp | PPTP ID | [0-99] | 
| vlan | VLAN ID | [1-3999] |
| loopback | Loopback ID | [1-5] | 
| bvi | Bridge interface | [1-255] | 
Default
No port forwarding.
Command Mode
Privileged User
Example
The following example defines a port forwarding rule:
(config-data)# ip nat inside source static tcp 192.168.0.7 80 0.0.0.0 8080
The following example defines a port forwarding rule and applies an access list rule:
(config-data)# ip nat inside source static tcp 192.168.0.16 same gigabitethernet 0/0 8080 match PF-ACL
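A config-review helper for the tcp/udp rule forms documented above (an added example, not vendor code): it parses port-forwarding lines and flags rules bound to 0.0.0.0, rules with no match access list, and wide port ranges. It assumes an interface is written as two tokens, as in gigabitethernet 0/0; the function names and the 16-port threshold are hypothetical.

```python
import ipaddress
import re

PREFIX = "ip nat inside source static"

# First two lines are the page's own examples; the third is constructed.
SAMPLE = [
    "(config-data)# ip nat inside source static tcp 192.168.0.7 80 0.0.0.0 8080",
    "(config-data)# ip nat inside source static tcp 192.168.0.16 same "
    "gigabitethernet 0/0 8080 match PF-ACL",
    "ip nat inside source static udp 192.168.0.20 same 0.0.0.0 range 5000 5100",
]

def parse_rule(line):
    """Parse one tcp/udp port-forwarding line into a dict, or return None."""
    text = re.sub(r"^\s*\([^)]*\)#\s*", "", line).strip()  # drop CLI prompt
    if not text.startswith(PREFIX + " "):
        return None  # other commands, including the "no" form
    tok = text[len(PREFIX):].split()
    if len(tok) < 5 or tok[0] not in ("tcp", "udp"):
        return None
    rest = tok[3:]
    try:  # WAN side: an IPv4 address, or (assumed) "<type> <index>" tokens
        ipaddress.IPv4Address(rest[0])
        wan, rest = rest[0], rest[1:]
    except ValueError:
        wan, rest = " ".join(rest[:2]), rest[2:]
    try:
        if rest[0] == "range":
            ports, rest = (int(rest[1]), int(rest[2])), rest[3:]
        else:
            ports, rest = (int(rest[0]), int(rest[0])), rest[1:]
    except (IndexError, ValueError):
        return None  # truncated or malformed rule
    acl = rest[1] if rest[:1] == ["match"] and len(rest) > 1 else None
    return {"proto": tok[0], "lan_ip": tok[1], "lan_port": tok[2],
            "wan": wan, "wan_ports": ports, "acl": acl}

def audit(rule, max_range=16):
    """Return review findings for a parsed rule; max_range is an arbitrary threshold."""
    findings = []
    if rule["wan"] == "0.0.0.0":
        findings.append("exposed on all WAN interfaces")
    if rule["acl"] is None:
        findings.append("no access list (match) applied")
    lo, hi = rule["wan_ports"]
    if hi - lo + 1 > max_range:
        findings.append(f"wide port range ({hi - lo + 1} ports)")
    return findings
```

Run `audit(parse_rule(line))` over each line of an exported configuration; the second sample line, which binds to one interface and applies PF-ACL, returns no findings.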