Cisco Port forward

Posted on 2011-04-26
Last Modified: 2013-11-12
I need some help configuring port forwarding on a Cisco 857.

I need to forward any address port 80 and 5901 to and inside address here is what i have so far, is this correct? it looks backwards to me.

ip nat inside source static tcp 80 interface Dialer0 80
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SomenameRouter
logging buffered 51200 warnings
enable secret 5 mypassword
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1597199717
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certifi<wbr ></wbr><wbr ></wbr>cate-15971<wbr ></wbr>99717
 revocation-check none
 rsakeypair TP-self-signed-1597199717
dot11 syslog
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp pool ccp-pool1
   import all
ip cef
no ip bootp server
no ip domain lookup
ip domain name
username admin privilege 15 secret 5 adminpassword
 log config
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode auto
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 pvc 0/35
  pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-<wbr ></wbr><wbr ></wbr>HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
interface Dialer0
 ip address 192.1.x.x
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname 9999
 ppp chap password 0 ifs03ac1
 ppp pap sent-username 99999 password 0 999999
ip forward-protocol nd
ip route Vlan1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 80 interface Dialer0 80
ip nat inside source static udp 1194 interface Dialer0 1194
ip nat inside source static udp 1196 interface Dialer0 1196
ip nat inside source static tcp 22 interface Dialer0 22
ip nat inside source static udp 153 interface Dialer0 153
ip nat inside source static udp 181 interface Dialer0 181
ip nat inside source static tcp 30022 interface Dialer0 30022
ip nat inside source static tcp 1194 interface Dialer0 1194
ip nat inside source static tcp 1196 interface Dialer0 1196
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit
dialer-list 1 protocol ip permit
no cdp run
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
scheduler max-task-time 5000


Open in new window

Question by:hoshie329
    LVL 3

    Expert Comment

    This looks correct.  Is it not working?
    LVL 4

    Expert Comment

    Well for starter I do not see line saying "ip nat inside source static tcp 5901 interface Dialer0 5901".

    Second, what is the issue saying that default route points to inside?

    - ip route Vlan1

    Shouldn’t it be pointing on outside interface?

    LVL 3

    Accepted Solution

    My comment concerning that it is correct is in response to the question if the format is correct, which it is.  

    ip route should point to the outside.

    Author Closing Comment

    thanks, i overlooked the route issue

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
    Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now