Configuring a port map on a Cisco router

Dear Experts,

I have the following config on my Cisco 877 router and wish to have access to an internal server externally.

My PUBLIC IP is 188.220.38.xx and is attached to interface ATM0.1

The PRIVATE IP of the server I want to connect to is 10.2.1.81

I also wish to connect on port 81 of my public IP (to map to 80 on the private IP) as the port 80 is already in use.

If anybody could help me modify my config accordingly, I'd really appreciate it.

Nick
CISCO877#sh run
Building configuration...

Current configuration : 6091 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxx
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-240059495
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-240059495
 revocation-check none
 rsakeypair TP-self-signed-240059495
!
!
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.1.0 10.2.1.10
ip dhcp excluded-address 10.2.1.250 10.2.1.254
!
ip dhcp pool lanpool
   network 10.2.1.0 255.255.255.0
   dns-server 208.67.222.222 208.67.220.220
   default-router 10.2.1.1
   lease 0 2
!
!
ip domain name xx.xx.xx
ip name-server 208.67.222.222
ip name-server 208.67.222.220
!
!
!
username nkewney privilege 15 secret 5 xxx
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xx address 62.189.191.xxx
!
!
crypto ipsec transform-set MYVPN esp-3des esp-sha-hmac
!
crypto map MYVPN 10 ipsec-isakmp
 set peer 62.189.191.253
 set transform-set MYVPN
 match address 110
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 mac-address 0024.172f.b2b8
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
 description BE Broadband
 ip address 188.220.38.xx 255.255.252.0
 ip nat outside
 ip virtual-reassembly
 atm route-bridged ip
 pvc 0/101
  oam-pvc manage
  encapsulation aal5snap
 !
 crypto map MYVPN
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description Local Network
 ip address 10.2.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 188.220.36.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.2.1.1 22 interface ATM0 22
ip nat inside source static tcp 10.2.1.81 80 interface ATM0 80
ip nat inside source list 111 interface ATM0.1 overload
!
access-list 1 permit any
access-list 110 remark MYVPN TO REMOTEVPN
access-list 110 permit ip 10.2.1.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 111 deny   ip 10.2.1.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 111 permit ip 10.2.1.0 0.0.0.255 any
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password enter
 login local
 transport input ssh
!
scheduler max-task-time 5000
end

Open in new window

LVL 1
nkewneyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

shauncroucherCommented:
Change line 124:

ip nat inside source static tcp 10.2.1.81 80 interface ATM0 80

To

ip nat inside source static tcp 10.2.1.81 81 interface ATM0 80

Shaun
nkewneyAuthor Commented:
Hi Shaun,

I tried this and it didn't work.

Nick
shauncroucherCommented:
How about:

ip nat inside source static tcp 10.2.1.81 81 interface ATM0.1 80

Shaun

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nkewneyAuthor Commented:
This was the problem.

Thank you!

Nick
shauncroucherCommented:
Glad I could help

Shaun
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.