Cisco 837 port forwarding

Unanswered Question


I'm trying to setup a Cisco 837 to have firewall, IPSec VPN to my office and port forwarding.

Using SDM I was able to first get the connection to the DSL provider, then using the VPN area setup the IPSec VPN. I then used the NAT area to setup port forwarding, but it does not appear to work. I think it must require the firewall/ACL area to be setup as well, but I thought the NAT tool would do the ACL automatically.

I have posted my setup, I would appreciate some pointers on what I should do to get it working.

regards, Mark

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
spremkumar Sun, 05/20/2007 - 19:23


Can you tell me using which public ip address you are trying to access your internal resources ?

Since you have mapped interface dialer onto your lan ips using which public ip you are accessing the internal resources ?

I feel the ip assignment by your SP to you is on a dynamic mode which actually keeps on changing whenever you get connected to the SP network so in this case you wont have a single common public ip all the time to access your internal lan resources..

My suggestion would be to get a public ip and map all your resources to that common ip so that it remains the same throughout..


spremkumar Sun, 05/20/2007 - 20:03


Is it possible for you to assign the public ip address on your router ?

Lets say you create a loopback ip and assign the same onto it..

Once you are done you need to change the current mappings which you have done with your dialer interface to the loopback interface or to the ip address it self..


spremkumar Sun, 05/20/2007 - 20:12

Hi Mark

I am trying to emphasis that the ip assignment from the SP is dynamic in nature and i don't think you will get the same ip every time..

Though you have done the config for port forwarding i dont think you will have defined ip address to use and access the internal lan resources..

Thats where i have suggested to check out for a static one so that you can have the same ip being used for all the time whenever you want to access your lan resources..


spremkumar Sun, 05/20/2007 - 20:26

Hi Mark

If thats the case why cant you re frame your Nat statements by using the static ip instead of interface dialer ??


spremkumar Sun, 05/20/2007 - 20:55

Hi Mark

The typical config will be like this ...

ip nat inside source static tcp 3389 x.x.x.x 3389

ip nat inside source static tcp 1723 x.x.x.x 1723

ip nat inside source static tcp 443 x.x.x.x 443

ip nat inside source static tcp 80 x.x.x.x 80

ip nat inside source static udp 53 x.x.x.x 53

ip nat inside source static tcp 53 x.x.x.x 53

ip nat inside source static tcp 25 ix.x.x.x 25

where x.x.x.x is the public static ip which you say that you are getting from the SP..

You need to do a clear ip nat translation * in order to change the nat config lines..



This Discussion