configuring cisco 837 to port map all required ports

Posts: 5 · New Forum Member Joined: Feb 23, 2005 Posts: 5

I have a Cisco 837 that connects my DSL. I know how to static NAT a single port, but does anyone out there know how to map the ranges of ports required. the 5060-5061 and 10000-20000. I woul dhate to have to put 10002 lines of config in jsut to get all the ports mapped.,

Thanks in advance

Posts: 35 · Posted: Sat Feb 26, 2005 8:45 pm Post subject:

What version of the IOS are your running?
Obviously it doesn't work since you posted your question but it's been three days so I wanted to ask.

BTW: I doubt your roter would hold 10K lines of config.

Kevin

Posts: 36 · Posted: Sat Feb 26, 2005 11:36 pm Post subject:

I've really seen no need to setup port forwarding or port priority anyway.
Typically this is only needed when you have some VERY heavy network traffic taking place, like downloading large images, music, etc, live video.

Posts: 5 · New Forum Member Joined: Feb 23, 2005 Posts: 5

Yes port mapping is required when you are using NAT from a single IP. (WAN) to many LAN IP addresses. You have to tell the router where the ports need to be directed to what machine/IP on your LAN for various services like, HTTP, FTP POP3 etc......

I was able to map the ports required to the Vonage device with an access list that grouped the ports into a 2 line list.

ip nat inside source list 103 interface Dialer0 overload
access-list 103 permit udp any host 192.168.1.x range 5060 5061
access-list 103 permit udp any host 192.168.1.x range 10000 20000

x is the IP of the Vonage device.

I hope this can help anyone else out there with a cisco router trying to set up Vonage.

Posts: 43 · Posted: Mon Feb 28, 2005 9:30 am Post subject:

Remember that the Vonage ip connection is opened from the Vonage adapter when it boots, thus the reply packets should contain all the information required to route back to the Vonage adapter.

If you open a www session to some distant host, do you need to map that host back to port 80 of your pc? I don't think so.

Posts: 482 · Posted: Mon Feb 28, 2005 11:14 am Post subject:

You should not need to do any mapping since the Vonage device initiates the connection. Vonage is never trying to contact you first, so there's never any "incoming" connection from Vonage, it's always a reply. I'm sure it's fun to play with your router, but you're massively over-complicating something that's truly very simple.

Posts: 5 · New Forum Member Joined: Feb 23, 2005 Posts: 5

According to the set up docs on Vonages website it is needed.

http://www.vonage.com/help_knowledgeBase_article.php?category=45&article=89

Posts: 482 · Posted: Mon Feb 28, 2005 6:09 pm Post subject:

CBoston, all I can tell you is that I think they're wrong. Plenty of other people are doing it without port forwarding, and I don't think the setup guide mentions it, either.

The reasoning in that article is pretty tenuous: "You may need to direct certain ports to be accessible to our communications network in order to complete high quality phone calls." When the Vonage adapter checks in with the Vonage servers, it establishes the necessary connections. The only reason I can see why you'd need port forwarding to your Vonage adapter is if your router wasn't working properly.

Honestly, no one else has to do this...I wonder why you do? Did you have problems without forwarding, or did you just set it up because you came across that article?

Posts: 35 · Posted: Mon Feb 28, 2005 10:33 pm Post subject: NAT -v- NAT-Overload aka PAT

CBoston, I agree with ToddlerTN. The Vonage router does the initial contact to the Vonage server (and every 18 seconds afterward too) and your router, knowing that, allows the reply back to the Vonage router.

Your access list allows the Vonage server to contact you first which it will never do.

Your comment about needing NAT wasn't exactly on-target according to Cisco. NAT is when you want to map a single internal address to a specific external address. When you only have one external address you are using NAT-overload also known as Port Address Translation (PAT).
Of course you are free to use NAT with only a single external address.

I did learn from your post. Allowing ranges of ports in a single access-list line was new to me.

Glad it's working for you and hey, if you have Cisco at the house you might as well learn on it too. More power to you.

Kevin

Posts: 5 · New Forum Member Joined: Feb 23, 2005 Posts: 5

Well tonight when Iget home I will turn off the port forwarding. I was just doing what the set up said to do. I will see if all still works with out it.

CCNADog, If you got any Cisco Questions I would be glad to try and help. I have been working with Nortel, Cisco, Redback, and Juniper routers for almost 10 years. Let me know. If you wan you can email me at chris.boston@gmail.com