Configuring Port Forwarding CISCO 2811

Unanswered Question
Dec 9th, 2008
User Badges:


I am still struggling trying to configure port forwarding on our CISCO 2811 Router as mentioned previously LAN, Switching and Routing: Port Forwarding (static PAT) not working.

Anyone had similar experience and can shine some light how I go about configuring it.


Lee Hall

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
John Blakley Tue, 12/09/2008 - 11:53
User Badges:
  • Purple, 4500 points or more

Generally, you have nat enabled. I'm assuming you have that part done (since I haven't seen your config). :-)

Then you would put:

ip nat inside source static tcp 25 25


ip nat inside source static extendable

You can then control access into the network with ACLs on your public interface.

I may be able to help a little more if you posted your nat and interface configs.



l33h3lluk Wed, 12/10/2008 - 04:11
User Badges:

Hi Jon,

My config is posted in my previous post

LAN, Switching and Routing ->

Port Forwarding (static PAT) not working

I am using NAT and have been doing similar to what you have mentioned.

I think the problem is I'm not applying the ACL's on the correct interface.

Basically I am using the FastEthernet0/0 interface to the router

Then I have 4 Dailers that connect the ATMx/x/x interfaces.

Basically we have a switch that all our sytems including the server we want to port forward to then this is connected to the FastEthernet0/0 port on the router

The problem I was getting is that I either end up killing our outbound internet connection or Port forwarding doesn't work.

Lets say I want to port forward SMTP and my public ip was (its not but will do for the example) and the SMTP server is

so to example port forwarding i do this

ip nat inside source static tcp 25 25

then create a ACL like so

access-list 160 permit tcp any host eq 25

Now heres my confusing what interface(s) do i need to apply this?

would it be each of my dialers i.e.

interface Dialer1

ip access-group 160 in

Do I also need to apply the rule to my FastEthernet0/0 interface and do I need to apply some other rule to stop my outbound LAN traffic from being blocked from accessing the internet

At the moment I have another ACL

access-list 6 permit

which is added via route-map's for each of the Dialers.

Hope that makes sense. Let me know if you need any more info. I really want to try get this wrapped up before Christmas.



Ramprasad Pr Wed, 12/10/2008 - 05:01
User Badges:

Apply this in internface for NAT

Int f0/0

IP nat inside

int dialer 1

ip nat outside

ip nat inside source list 2 interface Dialer1 overload

access-list 2 permit



John Blakley Wed, 12/10/2008 - 05:11
User Badges:
  • Purple, 4500 points or more


You would apply your ACL to the dialer interfaces if this is where your outside NAT statements are applied.

(I haven't looked at your config yet, but if this doesn't fix it then I'll find your other post.)




This Discussion