The general answer to this question is that it can't be done.

However it is possible using a technique that was actually designed for a different purpose, an IP NAT pool. Using a NAT pool means you can specify an ACL (in this case with the port range) but you use a "pool" of a single address and specify the rotary method.

In the example below the IP address 192.168.1.10 is the internal address that you wish to forward the range of TCP ports to:

ip nat pool p2p 192.168.1.10 192.168.1.10 netmask 255.255.255.0 type rotary
ip nat inside destination list 100 pool p2p
access-list 100 permit tcp any any range 6881 6999
 

Note:
This tip has been tested working with various routers within various network topology. Similar attempts have been tried on UDP traffic to no avail. Therefore it is safely assumed that this tip does not work on UDP traffic.


got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by Phraxos edited by aryoba
last modified: 2010-11-30 12:26:26