Cisco 2621xm Router Question

Is there a config that I can program into my router so it knows that when someone trys to pcanywhere a machine on my lan they can hit it with a wan address.

For example my router is and I give a client and address of which should automatically hit on a pcanywhere session, or is that only done on the firewall?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris StauntonCommented:
You can set up your router with Rmon to monitor this activity through snmp.  I'm not big on setting up anything like this however, check out the webpage for settings.


sragusa66Author Commented:
It's not that I want to monitor it but its the fact that I'm having an issue with this. I also have a shorewall firewall which I think I made the proper changes to but I'm starting to doubt this. This is the scenario; I need to have a machine on my internal lan be accessible by pcanywhere with an external ip so that the programmers can get into this machine without having to vpn into the internal network. Sometimes this works and sometimes it doesn't. Another problem that I'm running into is that clients on a verizon dsl connection cannot access my vpn or website and webmail. They can ping and trac route my router and I can do the same; so whats the problem? Both Verizon and Telcove who is my isp says they're not doing anything that would prohibit this. Is it my router or my firewall?
It sounds like you're looking for network address translation, so that someone on the outside would PCAnywhere to which would then be translated to an inside machine on
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

As mike said, NAT or PAT is the way to go. The url below should give you a basic understanding of the topic. Suggest you read through it and then post further questions.

Hope this helps.
The thing is, if you already have 192.168 on your LAN, something in your network is already performing NAT. If you'll post your current router configuration, leaving out passwords, we can tell you if the router is doing it and modify the config appropriately. If it's not the router it might be the firewall.

ip nat inside source list <acl_number> interface <outside_nat_interface> overload
ip inside source static tcp 3389 3389

acl_number = acl number detailing which IPs get nat'd

access-list 1 permit                     ----for example

Then from interface config mode add inside and outside NAT interfaces:

router(int-conf)#ip nat inside   - on inside interface
router(int-conf)#ip nat outside - on outside interface

one to one NAT is also a possibility

harbor235 ;}
>ip inside source static tcp 3389 3389
It's backwards, should be
>ip inside source static tcp 3389 3389

But all of it is moot if his current NAT isn't on the firewall.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.