try to permit static route for remote admin with 827 cisco router

I have a 827 cisco router and I need to configure a static route from outside IP to inside IP.  Let's say outside IP is and inside IP is and the server to be administrated is on port 555
Here is the current config.  thank you

1 Ethernet/IEEE 802.3
 set peer                      
 set transform-set papabear                      
 match address 106tile configuration
bridge irb          

interface Ethernet0  
8192K bytes of
 ip address secondary                      
 ip address be 0x2102 at next reload)          
 ip nat inside              
 no cdp enable        

 hold-queue 32 in                

interface ATM0              

 ip access-group 102 in

Name c
 ip inspect inside-to-WWW out              
 ip nat outside8, prot=50, spi
 no ip route-cache)            
 no ip mroute-cachesion 12.1(1r)XB1, R
 crypto map armadillo9:09.839: %CRYPTO-4-R
ip classless: decaps: re
ip route, Inc.                          
no ip http server27
s invalid spi
ip nat inside source route-map nonat interface BVI1 overloadpi=0x4DB85D6(81495510)confreg 0x2142                        
logging trap ere          
access-list 102 permit tcp any any eq 56316.22.10                                  
access-list 102 permit udp any any eq 5631        
   network 255.255.2
access-list 102 permit tcp any any eq 5632 default-router 95134-17
access-list 102 permit udp any any eq 563206.13.28.12Internetwork Operating System S
access-list 106 permit ip (C8
ip inspect one-minute low 280C, EARLY DEPLOYMENT RELE    
ip insp
access-list 152 deny   ip host 30 block-time 1
TAC:Home:SW:IOS:Specials for info      
access-list 152 permit ip anyy cisco Systems, Inc.    
ip inspect name inside-t
access-list 152 permit ip anyt name inside-to-WWW ftp              
Image text-ba
no cdp runpect name
route-map nonat permit 10                        

 match ip address 152-to-WWW udp U.S. Expo
snmp-server community coavlesw RWme inside-                      
outside the United Sta
snmp-server chassis-id <<Router Serial#>>bear esp-3des esp-sha-hmac              
snmp-server enable traps snmp linkdown linkup coldstart warmstart 10 ipsec-isakmp                                    
 set peer 20
snmp-server enable traps atm pvcuts
 set transform-set papabear
snmp-server enable traps syslogh address 106        
either b
snmp-server host thlunlad  snmprnet0                  
 ip address 192.168.16
snmp-server managercondaryo Systems, I
bridge 1 protocol ieeeent.          
 ip add
 bridge 1 route ip5.255.255.0Persons
banner motd ^CS. and Canada
*****************************************************************queue 32 in          
interface ATM0              

privilege exec level 5 ping
privilege exec level 5 show crypto isakmp sa
privilege exec level 5 show crypto ipsec sa
privilege exec level 5 clear crypto isakmp
privilege exec level 5 clear crypto sa
line con 0
 exec-timeout 30 30
 password 7 082B434B0D0B091219
 login authentication userauthen
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 30 30
 privilege level 5
 password 7 105D1A1E
 login authentication userauthen
scheduler max-task-time 5000
Who is Participating?
I believe the command you are referring to is

no ip mroute-cache

-sion is probably from console message or debug which was mixed in the output.

You can safely ignore this commnad. mroute-cache is used for multicast traffic switching, like if you will be feeding 25 workstations with Video and have a infrastructure that support multicasting, you may come accross using mroute-cache, which is highly unlikely in your scenario so it is disabled on your router.
lizardqueen007Author Commented:
also I would like to have more than 1 port static
Ron MalmsteadInformation Services ManagerCommented:
Access-group +list + static mapping.

>config t

access-group acl_out in interface outside
access-group acl_in in interface inside

                                                     from                                               outsideip         port
access-list acl_in permit tcp host eq 555
access-list acl_out permit tcp any any eq 555


                                             outsideip     port   insideip       port
static (inside,outside) tcp 555 555 netmask 0 0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

lizardqueen007Author Commented:
Thank you I will try right now
lizardqueen007Author Commented:
This router does not recognize access-group.  
Router(config)#access-group acl_out in interface outside
% Invalid input detected at '^' marker.
can you do the following on the router?

no debug all

and then type show running and post the output again?
lizardqueen007Author Commented:
Yes, I can post agin with "no debug all" but I not for a day, because I am not at the location.
May I ask what we are looking for?
Also, their network is very simple.  All they have is a DSL connection with 4 computers.  I did not configure this thing and it seems like an unnecessarily complicated configuration.  I am considering resetting the config and starting from scratch.  Any opinions?
I asked the ISP how the router autenticates since it is ppoe, but no username and password that I see.  He said that entering the external IP address works.  Has any one used this before and is it a common way to configure PPoe/DSL?
Thanks for the help
You can have connection without username password, depending on the ISP.

We need to create static NAT translation on the router itself. Since your configuration is not very clear, I don't want to give commands based on guessing
lizardqueen007Author Commented:
Hi Naveedb,
I agree that this configuration is not very clear.  I am glad to hear someone else say it.  I am new to cisco and looking at that ipsec stuff really threw me.  I was able to accomplish the task of permitting a static route for the remote admin with the following:
ip nat inside source static tcp 4000 4000 extendable
Where the inside IP of the host to be remotely administrated is and the is the outside IP.  The port number is hypothetically 4000.
I also had to add a permit tcp 4000 to the access list.
I was surprised that it worked, but sometimes I get lucky.
The documents that helped me were:
I believe that the person that originally set it up just used some stock configuration, because the clients needs are very simple and this configurations seem way too complicated.
Thank you for the help.  Any insite into what the mroute-cachesion is about please let me know.  I can not find it in the ios book that I have nor cisco documents.  Someday this configuration will come back to haunt me I am sure and I will probably have to clear the config and start from scratch.
lizardqueen007Author Commented:
Hello, Naveedb,
May I ask?
1)what is in your opinion the best book for someone starting cisco?  I am looking for a book that is not necessarily aimed at  becoming certified, but a good, quick(if possible), book on real-world solutions to cisco routers for someone new to cisco devices.

There are many areas in Cisco Routers, like Routing, Switching, Security, Voice and Data etc.? Which one would better describe your needs?

For very beginners, you normally start with understing IOS commands, but  with the newer routers supporting Web GUIs, it might be much easier to use these tools instead of old command line. So, it is also a generation question in this respect.
lizardqueen007Author Commented:
I have to use command line do to generation issues as you said.
I have the ios in a nutshell book.  I am looking for a book that can translate cisco terminology into more network+ type terminology.  I suppose there is no one book, but I thought you might have a favorite for making the leap from network+ to  cisco.
I have used many books for my certification and latter just to keep up with changing technologies, so would not recommend any one book, as in my experience two readers can have a different opinion about the same book. I would however suggest as my teachers have to use for learning. It is an excelent source for training on all aspects of technology and cisco products.

To try; just have a look at the following link; and browse through NAT. Spend sometime gonig through the links and you will realize that it gives a lot of information (and an answer to your question too).

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.