Cisco Support Community

1 on 1 NAT and port forwarding not working...


This is not the first time I will configure over the internet access to a local server, but this particular one is giving me a major headache and I thought to share the config with anyone who can help pinpoint where the problem may be. While my NAT translations seem to be working, when I attempt to browse the public IP, I am supposed to be routed to the local server, but this doesn't happen and I just get a blank page on my web browser. Please see config below:

J#sh run
Building configuration...
Current configuration : 5368 bytes

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

hostname J

enable secret 5 $1$aNyD$j4lIgFXI84Xp9RR5dzwVk0

aaa new-model

aaa authentication login default local
aaa authorization exec default local

aaa session-id common
clock timezone PCTime 1

crypto pki trustpoint TP-self-signed-1366127775
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1366127775
revocation-check none
rsakeypair TP-self-signed-1366127775

crypto pki certificate chain TP-self-signed-1366127775
certificate self-signed 01


dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address

ip dhcp pool J
   import all

   domain-name linetrale.local

no ip bootp server
ip domain name linetrale.local

crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set 3DES-SHA-compression esp-3des esp-sha-hmac comp-lzs
crypto ipsec transform-set AES-SHA-compression esp-aes esp-sha-hmac comp-lzs
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac

log config

ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2

interface FastEthernet0
switchport access vlan 101

interface FastEthernet1

interface FastEthernet2

interface FastEthernet3

interface FastEthernet4

ip address x.x.x.x
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip nat outside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1380
duplex auto
speed auto

interface Vlan1
no ip address

interface Vlan101
description LAN_FW_INSIDE
ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip route-cache flow

ip forward-protocol nd
ip route y.y.y.y

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 80 x.x.x.x 80 extendable
! x.x.x.x is the public IP
access-list 1 remark INSIDE_IF=VLAN101
access-list 1 remark SDM_ACL Category=2
access-list 1 permit

line con 0
no modem enable
transport output telnet
speed 115200
line aux 0
modem InOut
transport output telnet
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
terminal-type moni
transport input telnet ssh

scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500

webvpn context Default_context
ssl authenticate verify all

no inservice



Any help will be really appreciated.


