Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Port Forwarding for Next Gen Services

Port Forwarding Overview

Port forwarding allows the public destination address and port of a packet to be translated to an IP address and port in a private network. This translation is a static, one-to-one mapping.

Port forwarding allows a packet to reach a host within a masqueraded, typically private, network, based on the port number on which the packet was received from the originating host. An example of this type of destination is the host of a public HTTP server within a private network.

If you only need to change the destination port, you can also configure port forwarding without translating the destination address.

Port forwarding is supported for destination NAT and twice NAPT 44. Port forwarding works only with the FTP application-level gateway (ALG), and has no support for technologies that offer IPv6 services over IPv4 infrastructure, such as IPv6 rapid deployment (6rd) and dual-stack lite (DS-Lite).

Benefits

  • Allows remote computers, such as public machines on the Internet, to connect to a non-standard port of a specific computer that is hidden within a private network.

Configuring Port Forwarding with Static Destination Address Translation for Next Gen Services

You can configure port forwarding with static destination address translation, which changes the destination address and port of a packet so it can reach the correct host and port within a masqueraded, typically private, network.

Configuring the Destination Pool for Destination Address Translation

To configure the destination pool for the static destination address translation:

  1. Create a destination pool.
  2. Define the addresses or subnets to which destination addresses are translated.
  3. To allow the IP addresses of a NAT destination pool to overlap with IP addresses in pools used in other service sets, configure allow-overlapping-pools.

Configuring the Mappings for Port Forwarding

  1. Configure the port forwarding map name.
  2. Specify the original destination port number that needs to be translated and the port number to which the original port is mapped. You can configure a maximum of 32 destination port mappings in a port forwarding map.

    In the following example, the destination port number that needs to be translated is 23 and the port to which traffic is mapped is 45.

Configuring the NAT Rule for Port Forwarding with Destination Address Translation

To configure the NAT rule for port forwarding with destination address translation:

  1. Configure the NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the destination addresses that the NAT rule applies to.

    To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

    To specify any unicast address:

  4. Specify the destination port range that the NAT rule applies to.
  5. Specify the NAT pool that contains the destination addresses for translated traffic.
  6. Specify the name of the mapping for port forwarding. You can only configure one mapping within a NAT rule term.
  7. Configure the generation of a syslog when traffic matches the destination NAT rule match conditions.

Configuring the Service Set for Port Forwarding with Destination Address Translation

To configure the service set for static destination NAT:

  1. Define the service set.
  2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

    or

    Note:

    You cannot use an AMS interface in a port forwarding service set.

  3. Specify the NAT rule sets to be used with the service set.

Configuring Port Forwarding without Static Destination Address Translation for Next Gen Services

You can configure port forwarding without static destination address translation, which changes the destination port of a packet so it can reach the correct port on the destination host.

Configuring the Mappings for Port Forwarding

  1. Configure the port forwarding map name.
  2. Specify the original destination port number that needs to be translated and the port number to which the original port is mapped. You can configure a maximum of 32 destination port mappings in a port forwarding map.

    In the following example, the destination port number that needs to be translated is 23 and the port to which traffic is mapped is 45.

Configuring the NAT Rule for Port Forwarding without Destination Address Translation

To configure the NAT rule for port forwarding without destination address translation:

  1. Configure the NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the destination addresses that the NAT rule applies to.

    To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

    To specify any unicast address:

  4. Specify that there is no address translation for the rule.
  5. Specify the name of the mapping for port forwarding. You can only configure one mapping within a NAT rule term.
  6. Configure the generation of a syslog when traffic matches the destination NAT rule match conditions.

Configuring the Service Set for Port Forwarding without Destination Address Translation

To configure the service set for static destination NAT:

  1. Define the service set.
  2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

    or

    Note:

    You cannot use an AMS interface in a port forwarding service set.

  3. Specify the NAT rule sets to be used with the service set.