Cisco NAT and port forwarding

Posted on 2011-10-06
Last Modified: 2012-05-12
I have a Cisco 1801 and I'm trying to forward one port to two internal ip addresses.

I need to send incoming traffic on TCP port 443 to &

My current NAT config is attached

Any ideas?

Question by:andrewprouse
    LVL 11

    Expert Comment

    You can only forward traffic to a single IP address.
    LVL 8

    Expert Comment

    You do not add the same port to more than one IP address.
    Use different ports.

    Author Comment

    That's the conclusion I was coming to, the issue I have is that I need to forward port 443 to different interfaces on my MS Forefront TMG for Exchange and Lync.

    Is there definitely no alternative?
    LVL 1

    Accepted Solution

    I hope this can help you:

    Avoiding Server Overload Using Load Balancing

    In the following example, the goal is to define a virtual address, connections to which are distributed among a set of real hosts. The pool defines the addresses of the real hosts. The access list defines the virtual address. If a translation does not already exist, TCP packets from serial interface 0 (the outside interface) whose destination matches the access list are translated to an address from the pool.

    ip nat pool real-hosts prefix-length 28 type rotary
    ip nat inside destination list 2 pool real-hosts

    interface serial 0
     ip address
     ip nat outside

    interface ethernet 0
     ip address
     ip nat inside

    access-list 2 permit


    Author Comment

    D33M - That's really interesting.

    Do you happen to know how it decides which 'real host' to forward the data to?

    i.e.  If the traffic goes to the wrong 'real host', is it then retransmitted to the correct 'real host' or is it luck of the draw?
    LVL 1

    Expert Comment

    A dynamic form of destination translation can be configured for some outside-to-inside traffic. Once a mapping is set up, a destination address matching one of those on an access list will be replaced with an address from a rotary pool. Allocation is done on a round-robin basis, performed only when a new connection is opened from the outside to the inside.

    It's better to check it on a real router; unfortunately I have no router to test on now :(

    So I hope you can check this and share your comments with us ))
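
A small model of the round-robin allocation described in the comment above, added here as an illustration; it is not part of the original thread and is not Cisco IOS code. The addresses, ports and the Exchange/Lync labels on the two pool hosts are constructed, and the model assumes only what the comment states: a pool address is picked round-robin when a new connection opens, and an existing translation is reused.

```python
"""Model of rotary-pool destination NAT (illustration only, not IOS code)."""
from itertools import cycle

VIRTUAL_IP = "198.51.100.10"   # constructed: address matched by the access list
CLIENT_IP = "203.0.113.5"      # constructed: outside client


class RotaryNat:
    def __init__(self, virtual_ip, real_hosts):
        self.virtual_ip = virtual_ip
        self.next_host = cycle(real_hosts)  # round-robin over the pool
        self.translations = {}              # (src_ip, src_port, dst_port) -> real host

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        """Return the inside address a packet is delivered to."""
        if dst_ip != self.virtual_ip:       # destination not on the access list
            return dst_ip
        key = (src_ip, src_port, dst_port)
        if key not in self.translations:    # new connection: take the next pool host
            self.translations[key] = next(self.next_host)
        return self.translations[key]       # existing connection: same host as before


def simulate():
    """Open four connections to port 443 and record where each one lands."""
    # Constructed pool: two hosts that run *different* services on 443.
    services = {"10.0.0.11": "exchange", "10.0.0.12": "lync"}
    nat = RotaryNat(VIRTUAL_IP, list(services))
    # Constructed connections: (client source port, service the client wants).
    wanted = [(50001, "exchange"), (50002, "exchange"),
              (50003, "lync"), (50004, "lync")]
    results = []
    for src_port, want in wanted:
        first = nat.translate(CLIENT_IP, src_port, VIRTUAL_IP, 443)
        later = nat.translate(CLIENT_IP, src_port, VIRTUAL_IP, 443)
        results.append((src_port, want, services[first], first == later))
    return results


if __name__ == "__main__":
    for src_port, want, got, sticky in simulate():
        verdict = "ok" if want == got else "WRONG HOST"
        print(f"{src_port}: wanted {want:8} got {got:8} sticky={sticky} {verdict}")
```

In this model the pool host is chosen without regard to which service the client wants, so half of the connections land on the other host and stay there for the life of the connection; nothing re-sends them.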
