Information About Port Handling in Interface Overload Mapping
The Port Handling for Interface Overload Mapping feature allows you to set the port range for NAT interface overload mapping.
It also allows you to block a specific port from being used in interface overload mapping. You must set the port range (see
Configuring a Port Range for Interface Overload Mapping below) before specifying an interface overload mapping command; for
example, ip nat inside source list list1 interface gig0/0/1
.
Clearing Allocated Port Ranges
When an interface address is configured as a global address for NAT translation, the transport port manager (TPM) initially
allocates ports. This ensures that applications initiated on the NAT router use different address and port combinations for
communication. After all interface overload mappings are removed from the router (for example, using the no ip nat inside source list list1 interface gig0/0/1
command) this feature ensures that any unused port allocations are returned to the TPM.
Configuring a Port Range for Interface Overload Mapping
The ip nat settings interface-overload port range command sets the port range that NAT can use to request ports from the TPM. You can specify a port range within the range 1024–65535. For example, if you need to use port 4500 for IPsec and prefer not to use any ports below 4500, you can specify the port range 4501–65535.
Ensure that you configure the port range before further configuration of interface overload mapping. After an interface overload mapping has been configured, if you then try to change the range, an error message is produced.
The ip nat settings interface-overload port range
command is only applicable when it occurs before an interface overload mapping command. For example, ip nat inside source list list1 interface gig0/0/1
.
Blocking a Port from Interface Overload Mapping
The ip nat settings interface-overload block port command blocks a single port in the port range from being used for interface overload mapping. You can use this command for a well-known port; for example, where an application needs unrestricted access to a specific port on the NAT router. If you use this command for a port that is already part of a range used for interface overload mapping, the existing translations for the port are cleared.