Cisco Systems, Inc.(R)    Cisco | Profile | Contacts & Feedback | Help
Cisco SMB Support Assistant
Configure Port Mapping feature on Cisco Routers
Home > Work With My Routers > Cisco Routers > Configure Port Mapping feature on Cisco Routers  
 

Configure Port Mapping feature on Cisco Routers

     Introduction
     Requirements
     Configure Port mapping feature
     Next Step
     Troubleshoot the Procedure
     Related Information

Download PDF


 		 Configure Port Mapping feature on Cisco Routers 


Introduction

This document explains how to configure Port mapping or Port to Application mapping feature on a Cisco router. The Port mapping feature is used to map non-standard ports to some application.

Port mapping allows the user to customize TCP or UDP port numbers for network services and applications on the router. This is useful if you have some devices on your network that run standard applications (like FTP, HTTP etc.) on non-standard ports. Port mapping is a feature of Cisco IOS firewall feature set. With the user supplied port mapping and system standard port mapping, a PAM (Port to Application Mapping) table is built. The information in the PAM table enables Context-based Access Control (CBAC) supported services, such as inspection of traffic, to run on non-standard ports. Port mapping can be configured for a single host or for the entire subnet or for whatever traffic is passed through the router that matches the criteria.

In this example used in this document, port 8080 is mapped to HTTP protocol for a host in the network.

Note: The PAM table already contains system defined mappings for well known or registered ports. The system defined mapping information could not be deleted or changed. However, you can override the system defined entries for specific hosts by configuring port mapping for a single host or the entire subnet. The port mapping feature can also be configured for non-standard protocols (protocols that use a static but not a reserved port). However, the other firewall features like CBAC inspection does not work for these protocols.


Back to Top


Requirements

To perform the steps described in this document, you need to have these items:


Back to Top


Configure Port mapping feature

Follow the steps to configure port mapping on Cisco routers:

  1. Open a web browser and type in the Address field. The router's IP address is the IP address that you entered in the LAN Addressing Worksheet (L6A).

    Note: For further information about how to launch SDM, refer to Configure Your Router with Security Device Manager.

  2. Click Configure.

    config_port_mapping_01.gif

  3. Select Additional Tasks.

    config_port_mapping_02.gif

  4. Select Port to Application Mappings.

    config_port_mapping_03.gif

  5. This shows a list of system defined mappings and user defined mappings (if configured). Click Add to create a user defined mapping.

    config_port_mapping_04.gif

  6. Click the list button next to the Protocol field to select a protocol from the list.

    config_port_mapping_05.gif

  7. Select the desired protocol for which Port mapping is required and click OK.

    config_port_mapping_06.gif

  8. Enter these values in the Add Port Map Entry window:

    • Add a description to the port mapping entry.

    • Select the port type from the Port Type list.

    • Enter the port number to be mapped.

    • Follow these to apply the port mapping for Host address of service:

      1. To apply this port mapping to a specific host, enter the host IP address.

      2. To apply this port mapping to a subnet, enter the subnet address without the mask.

      3. To apply this port mapping to whatever traffic that passes through the router which matches the criteria, leave the field blank.

    config_port_mapping_07.gif

    Click OK.

  9. Click OK in the Command Delivery Status window.

    config_port_mapping_08.gif

  10. Scroll down to check if your Port mapping is correctly applied on the router.

    config_port_mapping_09.gif


Back to Top


Next Step

You have now configured Port mapping on your router. Follow the steps again to configure more Port mappings.

To make further changes to your router, refer to the Router Support Page.

To configure other devices in your network, refer to the Configuration Overview Page.


Back to Top


Troubleshoot the Procedure

This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Problem

Cause(s) and Suggested Solution(s)

You get the error message “The port number you specified is same as the standard port number of xyz protocol".

You can only change the standard port mapping to a user defined port number for a specific host or a subnet. Add the host or the subnet address when configuring the port mapping. Otherwise use a non-standard port.

You are unable to connect to the router with Security Device Manager (SDM).

Refer to Configure Your Router with Security Device Manager.


Back to Top


Related Information
Service Requests

  Open a service request
  Update a service request

Feedback

Please rate this site:
++ + +/- - --

Suggestions for improvement:




If Cisco may contact you for more details
or for future feedback opportunities,
please enter your contact information:
Full Name:
Email:



© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.