Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 887va Port Forwarding Problem


I am relativly new to Cisco (So excuse any dodgy config please) and am struggling to get my port forwarding working on my Cisco 887VA, ultimately it will be for PPTP VPN's but using a online port checker it is not showing the port as open.

It works if in the NAT statment I use my external IP address, however since I have a dynamic one from my ISP this is not pratical.

I therefore tried to use an interface (As below) however this does not work... for me at least.

My config for internal and external interfaces is below.

interface Vlan1
 description LAN
 ip address
 ip flow ingress
 ip nat inside
 no ip virtual-reassembly in
 ip route-cache policy
 ip tcp adjust-mss 1452
interface Dialer1
 description Dialer interface for VDSL
 mtu 1492
 ip address negotiated
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname *************
 ppp chap password 0 ********
 ppp pap sent-username *********password 0 **********
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
ip forward-protocol nd
no ip http server
no ip http secure-server

ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 1723 interface Dialer1 1723
ip route Dialer1
ip route
access-list 1 remark Inside_Access
access-list 1 permit
dialer-list 1 protocol ip permit


Hopefully it is something obvious I am doing wrong.




New Member

Hi Alex, I try and keep the

Hi Alex,


I try and keep the IP address off the dialer interface and insteda use Loopback interfaces where possible. try this code



interface Loopback0
 ip address negotiated
 ip nat outside

 interface Vlan1
 ip nat inside

 interface Dialer0
 ip unnumbered Loopback0
 ip nat inside source list 101 interface Loopback0 overload
 ip nat inside source static tcp 1723 interface Loopback0 1723
 ip route Dialer0
 access-list 101 permit ip any
 (internal LAN subnet)

HelloYour current NAT


Your current NAT statements are apllicable, no need to change them.

If your WAN IP changes it wont effect your connectivity.




Please don't forget to rate any posts that have been helpful. Thanks.