How do I configure port forwarding to a server over a PPP connection with no public ip at branch site

I am not familiar with the equipment but the setup is actually prety straight forward.  I see a few things that dont look right to me comparing the pictures ot the config and it may be me missing something but the picture shows 172.16.28.1 and .2 however the config shows different ips from what I can tell.

interface ppp 1
  ip address  172.16.21.1  255.255.255.0
  access-policy Private
  peer default ip address 172.16.21.2
  ppp multilink
  no shutdown
  cross-connect 1 t1 1/1 1 ppp 1
  cross-connect 2 t1 1/2 1 ppp 1

My suggestion either way would be to simply change the route on main for the 1.1/24 network to go to 172.16.28.1 (looking at pick) and a route at the branch side for 2.1/24 to go to 28.2

I have a similar set up at a few customer sites where the ppp links are not restricted, if you are wanting to restrict the ports between the two I would be unable ot help further.

Yes, the diagram I used was an older version with only the PPP connection IP's changed on config.  My question was actually how to forward identical ports to two different servers, one at Main and one at branch.  I have the port forwards setup for server at main but I cant figure out how to set same ports to also forward to branch site server.  

I believe I do have both sites routes set to go to 0.0.0.0 0.0.0.0 ppp1 for both.  Both sites are working perfectly, internet access is available at branch site, each site can access other,  the only problem is I cant forward ports from x.x.x.x (vendors public IP) to both servers without using a secondary IP, I think.  I hope this is making sense.  Thanks for your help.

Ok so you are trying to forward ports from the internet router to a system at the branch correct?

If so are you trying to forward the same port from the same destination on the outside?

Is this a router or Firewall?

Yes, I am trying to forward same ports to main and branch servers from same outside ip address.  I thought I would just add a secondary IP address on the WAN connection at Main site and forward ports coming to it from the same outside IP to the branch server.  So any traffic received from 1.2.3.4 (outsideIP) with destination x.x.x.202 would be forwarded to main server and any traffic received from 1.2.3.4 (outside IP) with destination x.x.x.203 would be forwarded to branch server.  

This is an Adtran Netvanta 3448 router with firewall enabled.  I have found the configurations are very similar to Ciscos 2500 series with only minor command name changes.

Thanks for brainstorming with me on this one.

If possible can I see the config of the router/firewall with what ever changes you need to make for anonymity.

Multipath, both of the config files attached are the current in place config files.  If you look at the main.cfg you can see the port forwards to the 192.168.2.10 server.  These are the same ports I need to forward to the 192.168.1.17 server at branch site.  Originally I only had one IP address on the WAN  side so anything coming in with source would be forwarded from source to 192.168.2.10.  I created a secondary IP and wish to forward anything coming in from source to secondary IP to 192.168.1.17 at branch site.  Thanks for your help so far.

Also, please back up your configs before making any changes.

Sorry API NOC, you beat me back to the question before I could update them.  THe config files were not the finalized/edited versions.  I feel I have wasted your time at this point.  I have attached the final versions that are in production now.  
main-final.txt
branch-final.txt
netdiagram.gif

The files look similar in the sections that we are dealing with.  Read over what I wrote and see how it works out.  Remember to back up your existing config first.

Ok, I read your question and I see what you are saying I will give it a try.  But, should I apply any changes to branch router or just the main router?

Just the main router

Ok, I actually forgot to disable the firewall on the Branch site router.  Once I disabled it all traffic destined for 12.34.29.203 forwarded to the branch server.  All functions are working correctly now.  Thanks for all your help!

Glad you got a solution!!!!