Cisco Support Community

New Member

port forwarding

I have a Cisco 800 series router. I have several external IPs to use and I need to open port 443 for two internal servers. I can only configure PAT for one server, which makes sense; however, I need SSL for a second server. For example, I have a Citrix machine needing to receive SSL, and I have OWA and RPC over HTTP that need to be received on the Exchange machine. How can I configure one of my unused external IPs to forward to one of the internal machines while leaving the external IP on the external side of the firewall pointed to the other through PAT? I would appreciate any help. I have not configured any access lists or anything besides PAT.

Hall of Fame Super Blue

Re: port forwarding

Hi Kevin

Could you give a few more details? You mention a firewall; is that the 800 router or a separate device? A quick topology of the network together with the IP addressing would help us.


New Member

Re: port forwarding

Yes, the Cisco 800 series router is also our firewall. We currently use PAT for port forwarding. We have a Citrix server that requires HTTPS access. We also have OWA and RPC over HTTP, which (best practices) require HTTPS access on our Exchange server. All of this has worked beautifully for years until we recently changed our Cisco 800 series router/firewall. We lost our configuration and had to begin all over. Citrix is currently working over HTTPS; however, I can't make another entry for HTTPS (port 443) in PAT to allow or forward RPC over HTTP requests to a different server. I'm using the exact same model of Cisco router/firewall as I did before, so I know it has the capability. I just don't know the command. Here are some examples of our IP scheme

public IPs.

internal on firewall



If is on the external side of the firewall, how do I take the next IP .81 and forward it to the Exchange server?

Hall of Fame Super Blue

Re: port forwarding


ip nat inside source static

this is assuming you have

1) "ip nat inside" on your internal interface

2) "ip nat outside" on your external interface

You can then lock down with an access-list the port that is allowed to the internal server.
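The static NAT plus access-list approach from the reply above, sketched as IOS configuration. This is an added example, not part of the original thread; the addresses (documentation ranges), the interface names and the ACL name OUTSIDE-IN are assumptions to be replaced with your own.

```cisco
! Constructed values (not from the thread):
!   198.51.100.81  spare public IP to hand to the Exchange server
!   192.168.1.20   Exchange server on the inside network
!   Vlan1 / FastEthernet4  inside / outside interfaces (assumed names)

interface Vlan1
 ip nat inside
!
interface FastEthernet4
 ip nat outside
!
! 1:1 static translation. On its own this maps EVERY port on the
! server to the spare public IP, so the ACL below is what limits
! exposure to HTTPS.
ip nat inside source static 192.168.1.20 198.51.100.81
!
! Narrower alternative: translate TCP 443 only, instead of the line above.
! ip nat inside source static tcp 192.168.1.20 443 198.51.100.81 443 extendable
!
! An inbound ACL on the outside interface is evaluated BEFORE the
! outside-to-inside translation, so it matches the public address.
ip access-list extended OUTSIDE-IN
 remark HTTPS only to the statically translated server
 permit tcp any host 198.51.100.81 eq 443
 deny   ip any host 198.51.100.81 log
 remark Leave all other traffic as it was before this ACL existed
 permit ip any any
!
interface FastEthernet4
 ip access-group OUTSIDE-IN in
!
! Verification from exec mode:
!   show ip nat translations
!   show ip nat statistics
!   show access-lists OUTSIDE-IN
```

The final `permit ip any any` only preserves the behaviour of a router with no ACL; tightening the rest of the outside interface needs stateful inspection or explicit entries for return traffic.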



New Member

Re: port forwarding

Thanks for your help. I do have NAT on the inside network. However, the Cisco 800 series doesn't have NAT as an option, only PAT. Is there a command to view if NAT is enabled on the router?

New Member

Re: port forwarding

I have created the IP NAT. Now how do I create an access list to allow port 443 only inside?

New Member

Re: port forwarding

Hi, have a look at this config, it may help you. Also check out the link at the bottom.

If you perform NAT on both interfaces, keep in mind the addresses that are visible to a given interface. In Figure 13-3, an outside server uses static NAT so that a translated address appears on the inside network.

Figure 13-3 IP Addresses in Access Lists: NAT used for Source and Destination Addresses

See the following commands for this example:

hostname(config)# access-list INSIDE extended permit ip host

hostname(config)# access-group INSIDE in interface inside