Cisco NAT and port forwarding

Posted on 2011-10-06
Medium Priority
Last Modified: 2012-05-12
I have a Cisco 1801 and I'm trying to forward one port to two internal ip addresses.

I need to send incoming traffic on TCP port 443 to &

My current NAT config is attached

Any ideas?

Question by:andrewprouse
LVL 11

Expert Comment

by:Kruno Džoić
ID: 36924059
You can only forward traffic to a single IP address.

Expert Comment

ID: 36924064
tou do not to add same port to more than one ip-address.
use differrent ports.

Author Comment

ID: 36924070
That's the conclusion I was coming to, the issue I have is that I need to forward port 443 to different interfaces on my MS Forefront TMG for Exchange and Lync.

Is there definitely no alternative?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Accepted Solution

d33m earned 2000 total points
ID: 36924077
I hope this can help you:

Avoiding Server Overload Using Load Balancing

In the following example, the goal is to define a virtual address, connections to which are distributed among a set of real hosts. The pool defines the addresses of the real hosts. The access list defines the virtual address. If a translation does not already exist, TCP packets from serial interface 0 (the outside interface) whose destination matches the access list are translated to an address from the pool.

ip nat pool real-hosts prefix-length 28 type rotary

ip nat inside destination list 2 pool real-hosts


interface serial 0

 ip address

 ip nat outside


interface ethernet 0

 ip address

 ip nat inside

access-list 2 permit

source: http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1073492

Author Comment

ID: 36924209
D33M - That's really interesting.

Do you happen to know how it decides which 'real host' to forward the data to?

i.e.  If the traffic goes to the wrong 'real host', is it then retransmitted to the correct 'real host' or is it luck of the draw?

Expert Comment

ID: 36924260
A dynamic form of destination translation can be configured for some outside-to-inside traffic. Once a mapping is set up, a destination address matching one of those on an access list will be replaced with an address from a rotary pool. Allocation is done in a round-robin basis, performed only when a new connection is opened from the outside to the inside.

better to check it on real router, unfortunately I have no router for test now :(

so I hope you can check this and share your comments with us ))

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question