How do I set up Cisco 1600 nat port range for pasv ftp?
comp.security.firewalls archive


From: <johnnynine@hotmail.com>
Date: Thu Aug 11 2005 - 20:12:02 CEST

I would like to set up my cisco 1600 to support PASV ftp for a
particular ip address using NAT.

In other words I would like to forward packets incoming to ip
192.168.0.2 ports 5500 to 5700. The port range is what I have my ftp
server set up to use, I think it defaults to 1024+.

Internal FTP server: ip 192.168.0.2 ports 21, 5500-5700
external ip address: 1.2.3.4 (for the sake of this question)

I set up the NAT ftp control port 21 (which works fine) with:

ip nat inside source static tcp 192.168.0.2 21 1.2.3.4 21

But to support passive ftp (PASV) I need to also accept incoming
traffic to ports 5500-5700. This is because the ftp server will give
the ftp client a random node in that range to connect to for data
transmission.

I would like to do something like the following, but the cisco router
doesn't like the port range syntax:

ip nat inside source static tcp 192.168.0.2 5500-5700 1.2.3.4 5500-5700

The above line DOES NOT WORK as it is an invalid format, but I think it
gives the gist of what I would like the end result to be.

Is there another way to do this? I'm not a cisco router expert so my
knowledge doesn't go much further than setting up "ip nat inside..."
commands.

Thank you,
Johnny
Received on Thu Sep 29 20:01:36 2005
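The post says the router rejects a port range on a static NAT entry, and the one form it does accept is the single-port translation already used for port 21. An added example (not from Johnny's post, not a reply in the archive, and not Cisco documentation) is a small POSIX shell generator that expands the wanted range into one accepted per-port `ip nat inside source static tcp` line each, plus an extended ACL that admits only the FTP control port and the PASV range to the outside address. The addresses 192.168.0.2 and 1.2.3.4 and the range 5500-5700 come from the post; the ACL number 101, the function names and the `established` line are assumptions for illustration, and the generated text is only what you would paste into the router, so it should be reviewed before use.

```shell
#!/bin/sh
# Hypothetical helper, added as an example: expands a PASV port range into
# the per-port static NAT syntax the post reports as accepted, and emits an
# outside-interface ACL restricted to the same ports. Not from the post.

INSIDE_HOST="${INSIDE_HOST:-192.168.0.2}"   # internal FTP server (from the post)
OUTSIDE_IP="${OUTSIDE_IP:-1.2.3.4}"         # external address (from the post)
PASV_LOW="${PASV_LOW:-5500}"                # PASV range the server is configured for
PASV_HIGH="${PASV_HIGH:-5700}"
ACL_NUM="${ACL_NUM:-101}"                   # assumed extended ACL number

# check_port_range LOW HIGH: both numeric, within 1..65535, LOW <= HIGH.
# Returns 0 when acceptable, 1 otherwise (so a typo cannot produce 60k lines).
check_port_range() {
    low="$1"; high="$2"
    case "$low$high" in *[!0-9]*|"") return 1 ;; esac
    [ "$low" -ge 1 ] && [ "$low" -le 65535 ] || return 1
    [ "$high" -ge "$low" ] && [ "$high" -le 65535 ] || return 1
    return 0
}

# gen_static_nat INSIDE OUTSIDE LOW HIGH: one static TCP port translation
# per port, in the same form as the working port-21 entry in the post.
gen_static_nat() {
    inside="$1"; outside="$2"; low="$3"; high="$4"
    check_port_range "$low" "$high" || return 1
    port="$low"
    while [ "$port" -le "$high" ]; do
        printf 'ip nat inside source static tcp %s %s %s %s\n' \
            "$inside" "$port" "$outside" "$port"
        port=$((port + 1))
    done
}

# gen_outside_acl ACL OUTSIDE LOW HIGH: extended ACL for the outside
# interface, inbound: FTP control, the PASV data range, replies to sessions
# opened from inside, and nothing else. 'range' is accepted by extended ACLs,
# unlike the static NAT command.
gen_outside_acl() {
    acl="$1"; outside="$2"; low="$3"; high="$4"
    check_port_range "$low" "$high" || return 1
    printf 'access-list %s permit tcp any host %s eq 21\n' "$acl" "$outside"
    printf 'access-list %s permit tcp any host %s range %s %s\n' "$acl" "$outside" "$low" "$high"
    printf 'access-list %s permit tcp any any established\n' "$acl"
    printf 'access-list %s deny ip any any log\n' "$acl"
}

# emit_config: the full snippet to paste, in configuration order.
emit_config() {
    gen_static_nat "$INSIDE_HOST" "$OUTSIDE_IP" 21 21
    gen_static_nat "$INSIDE_HOST" "$OUTSIDE_IP" "$PASV_LOW" "$PASV_HIGH"
    gen_outside_acl "$ACL_NUM" "$OUTSIDE_IP" "$PASV_LOW" "$PASV_HIGH"
}

# Run as a script with --emit to print the configuration; sourcing it only
# defines the functions.
if [ "${1:-}" = "--emit" ]; then
    emit_config
fi
```

Running `sh gen_pasv_nat.sh --emit` prints 202 static entries and the four-line ACL; the ACL still has to be applied with `ip access-group 101 in` on the outside interface, and the `established` and `deny` lines are a minimum, not a complete policy, so add whatever other inbound traffic the router must accept before applying it. Two checks worth making before pasting 200 lines into a 1600: that the router's NVRAM and NAT table are happy with that many static translations (`show ip nat translations` and `show ip nat statistics` afterwards), and whether the router's NAT FTP inspection already rewrites the PASV reply on the port-21 control channel, in which case the range entries may be unnecessary and the ACL alone is the useful part.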