The Port Handling for Interface Overload Mapping feature allows you to set the port range for NAT interface overload mapping. It also allows you to block a specific port from being used in interface overload mapping. You must set the port range (see Configuring a Port Range for Interface Overload Mapping below) before specifying an interface overload mapping command; for example, ip nat inside source list list1 interface gig0/0/1.

Clearing Allocated Port Ranges

When an interface address is configured as a global address for NAT translation, the transport port manager (TPM) initially allocates ports. This ensures that applications initiated on the NAT router use different address and port combinations for communication. After all interface overload mappings are removed from the router (for example, using the no ip nat inside source list list1 interface gig0/0/1 command) this feature ensures that any unused port allocations are returned to the TPM.

Configuring a Port Range for Interface Overload Mapping

The ip nat settings interface-overload port range command sets the port range that NAT can use to request ports from the TPM. You can specify a port range within the range 1024–65535. For example, if you need to use port 4500 for IPsec and prefer not to use any ports below 4500, you can specify the port range 4501–65535.

Ensure that you configure the port range before further configuration of interface overload mapping. After an interface overload mapping has been configured, if you then try to change the range, an error message is produced.

The ip nat settings interface-overload port range command is only applicable when it occurs before an interface overload mapping command. For example, ip nat inside source list list1 interface gig0/0/1.

Blocking a Port from Interface Overload Mapping

The ip nat settings interface-overload block port command blocks a single port in the port range from being used for interface overload mapping. You can use this command for a well-known port; for example, where an application needs unrestricted access to a specific port on the NAT router. If you use this command for a port that is already part of a range used for interface overload mapping, the existing translations for the port are cleared.

• The port-related commands that are mentioned in this Port Handling for Interface Overload Mapping feature, are only for interface overload mappings. They are not intended to be used for configuring ports for a NAT pool.

• Commands that are shown in the configuration steps for port handling set the port range for all interface-based mappings. That is, you cannot configure ports per interface.