877 Port Forwarding issue with Site to Site VPN and use of route-map

I have an issue on a Cisco 877 using IOS 12.4(20)T3 where I already have one port forward that works, which uses a route-map to avoid dramas with the remote subnet being subjected to the static port forward locally.

I need to create an additional port forward which uses a different external port than 3389, as I only have a single external static IP and 3389 is already in use for the first server on the local LAN.

This is the specific section for the port forwarding rules.

ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload

ip nat inside source static tcp 80 210.xxxx 80 route-map No-Eden-NAT extendable

ip nat inside source static tcp 443 210.xxxx 443 route-map No-Eden-NAT extendable

ip nat inside source static tcp 3389 210.xxxx 3389 route-map No-Eden-NAT extendable

This one does not work  ----->  ip nat inside source static tcp 3389 210.xxxx 8000 route-map SecureRDP extendable

I have tried using other external ports other than 8000 but they do not work either.

And below are listed the route-maps

route-map No-Eden-NAT permit 10
 match ip address 120
route-map SDM_RMAP_1 permit 1
 match ip address 107
route-map SecureRDP permit 10
 description Map for direct RDP to both Servers from certain IP's
 match ip address 130

access-list 120 remark Deny Eden subnet being routed in via port forward
access-list 120 deny   ip host
access-list 120 permit ip host any
access-list 130 remark Deny Eden subnet and restrict RDP access
access-list 130 deny   ip host
access-list 130 permit ip host any

Surely a Cisco router should be able to port forward from an alternate external port to a second server using 3389 ??

There is also a ZBFW but I have checked over those rules a million times and am convinced that they are correct as the rules match the port forwards that are working.

I believe that there is some bug in the IOS that will not port forward when the external port and the internal port do not match !!

Any help is greatly appreciated as I can't change the internal port for the second server as it's a Terminal Server.
