Port Forward for NAS drive

Hi guys,
Hopefully someone can help me out, i recently got a synology DS211j NAS drive, i can connect to the NAS over the LAN, but when i try to access for outside my home network i cant connect to it. I have added the ports to redirect to the NAS drive and have even set up a DNS, not sure if i even needed it? I have tried to access by typing my ip address and port into an external computer browser, but nothing is working. 
Also after added the port to open to router i try to test the ports at canyouseeme.org, and i get the message
Error: I could not see your service on (IP Address here) on port (5000)
Reason: Connection timed out
If anyone has any idea what im doing wrong or how is fix it, please fill me in
Thanks

Sorry for the late comeback.  Been bust elsewhere.
I've kind of got the system working.  As long as I use an outside source I can view the services that are operating on the HomeHub3.  I'm just unable to view my own services whilst internally from behind the HomeHub.
Reading around this appears to be a similar issue and something to do with 'loopback' I think.  Where I can view my services from an external IP source but unable to view my services whilst attempting to look from within the internal IP source as the HomeHub setup 'denies' this action.
I've begun searching for help with lopback.  unfortunatly I'm getting a little bit of information overload with edit this hosts file, do this etc.
Would someone with homeHub knowledge know what needs to be or at least point me in a great direction the provides a step by step helpful guide to a solution of viewing my own services ?
Many thanks for knowledge given.

Similar Messages

  • Port Forwarding for L2TP/IPSec VPN Behind Verizon Actiontec MI424WR-GEN2 Rev. E v20.21.0.2

    I've got a NAS setup with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well.  Port forward configurations performed on the Actiontec are working well. 
    I installed an L2TP/IPSec VPN server, tested internally and it connected successfully.  So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.
    I logged into the Verizon Actiontec MI424WR router, setup port forwarding for UDP ports 500, 1701 & 4500.
    Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules
    With the port forwarding in place, I tested VPN externally but it didn't connect.
    I've done the following so far to no avail:
    Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
    There are no other pre-existing L2RP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
    There was an L2TP port triggering rule enabled, that I toggled on and off with no change
    Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)
    Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced its an issue with the Verizon Actiontec router.  But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this.  For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?
    My router details:
    Verizon Actiontec
    MI424WR-GEN2
    Revision E
    Firmware 20.21.0.2
    Verizon Actiontec built-in L2TP/IPSec rule templates.  They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
    Solved!
    Go to Solution.

    normally a vpn on that router, will have a GRE tunneling protocol as well.
    two ways to build the PF rules,
    Manually
    Preconfigured
    I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it.

  • How do you set up Port Forwarding for ARD 2.2 in AEB N?

    Help,
    I'm a novice at Apple Remote Desktop (ARD) - not an IT guy, so it has to be pretty basic and detailed.
    How do you set up Port Forwarding for ARD 2.2 on the Apple Airport Extreme BS router, 802.11 N. I have one at each end of the internet connection. At one end I have an Airport Extreme N router with 2 macs and eventually 1 windows XP machine (if I can) that I would like to be able to connect to over the interenet (the clients) and at the other end, I have a Mac with ARD 2.2 installed also with an Airport Extreme N router. Note: Both routers use Static IP addresses and all computers use static IP's internally not through DHCP. What are the settings or directions to do this.
    I have read and printed out the directions for Configuration of ARD 3.0 that are posted many times in the ARD discusion group, but it uses a Linksys router ( http://www.starkpr.com/ard.htm posted by Dave Sawyer). The Mac router is different, particularly with the place to set a Private IP address. I'm not sure about alot of things, but especially about the Private IP address, what number do I set it to, the one that is in my Network connections list? It automatically changes to a different number in AE N setup for Port Forwarding (by one) as if it is not suppose to the same?????
    Are there any directions available that are as straight forward for the Airport Extreme N router, as the one's that are listed here for the Linksys Router's? ( http://www.starkpr.com/ard.htm )
    Any and All help will be greatly appreciated.
    P.S. I know I should have 3.0 but bought 2.2 just weeks before 3.0 came out and they would not give me an upgrade price, so I'm waiting for 4.0 to upgrade.
    Thanks,
    Jim

    Try the following for each AirPort Extreme ...
    AEBSn - Port Mapping Setup
    To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided IP address for the host device.
    Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
    o IPv4 Address: <enter the desired IP address>
    o Click Done.
    2. Setup Port Mapping on the AEBSn.
    Advanced > Port Mapping tab
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s): 3283
    o Public TCP Port(s): 3283
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s): 3283
    o Private TCP Port(s): 3283
    o Click "Continue"
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s):
    o Public TCP Port(s): 5900
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s):
    o Private TCP Port(s): 5900
    o Click "Continue"
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s):
    o Public TCP Port(s): 5988
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s):
    o Private TCP Port(s): 5988
    o Click "Continue"
    (ref: "Well Known" TCP and UDP ports used by Apple software products)

  • Port forwarding for clientless SSL VPN access

    Hello,
    I am currently trying to set up clientless SSL VPN access for some remote sites that our company does business with. Since their machines are not owned by my company, we don't want to install/support a VPN client. Therefore, SSL is a great option.
    However, I'm running into an issue. I'm trying to set up port forwarding for a few remote servers. These remote servers are different and have distinct IP addresses. They are attempting to connect with two different servers here.
    But my issue is that both servers are trying to use the same TCP port. The ASDM is not letting me use two different port forwarding rules for the same TCP port. The rules can exist side-by-side, but they cannot be used at the same time.
    Why? It's not trying to access the same TCP port on a server when it's already in use. Is there anyway I can get around this?
    If this doesn't make sense, please let me know and I'll do my best to explain it better.

    Hi Caleb,
    if you mean clientless webvpn port-forwarding lists, then you should be able to get your requirments. even the same port of the same server can be mapped to different ports bound to the loopback IP.
    CLI:
    ciscoasa(config) webvpn
    ciscoasa(config-webvpn)# port-forward PF 2323 192.168.1.100 23
    ciscoasa(config-webvpn)# port-forward PF 2300 192.168.1.200 23
    then you apply the port-forwarder list under a group-policy
    Hope this helps
    Mashal
    Mashal Alshboul

  • Problems with Port Forwarding for RDP in WebVPN

    Hi,
    I'm hoping somebody can help me solve this problem that's been bugging for weeks. We recently implemented a double-layer firewall architecture. Before that, our users can access RDP via port forwarding on WebVPN or the Cisco VPN client without any problems.
    After we implemented the double-layer firewall architecture, users who are going through the WebVPN and port forwarding for RDP began to experience frequent disconnections, slowness or freezing connections. The users who are using the client are fine.
    I checked the logs and I'm getting repetitive TCP-O for the port forwarding connections for RDP. Additional information: the FW we installed as a 2nd layer is Netscreen. I've already set the policy on it to Any-Any for the meantime to help in troubleshooting but to no avail. 
    I hope somebody can help me in sorting this out as I'm kind of confused on the difference between the port-forwarding for RDP via the WebVPN and the normal RDP via the client.  

    Hi,
    I didnt see anything marked with red in the above? (Atleast when I was reading)
    I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
    But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
    There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
    - Jouni

  • I have the new Air Port Extreeme model A1521 and I need to set up port forwarding for HTTP. HTTP is not on the list in the set up. Does anyone know if any of those choices work for HTTP?

    I am on a Windows 7 Ultimate PC and right now there is no Airport utility for setting up the new Apple Extreme so you have to do it on your iPad or iPhone. Does anyone know how to set up port forwarding for HTTP to get to DVR security cameras? There is nothing in the list that indicates HTTP port forwarding.

    Thanks for your reply Tesserax as I did figure this out on my own. It took a bit because all of the options are not clear what they are for like the previous Airport Extreme and Apple does not support or guarantee that port forwarding will work for you application nor did any of the Apple support persons I spoke too have any knowledge for this feature. You also have to fill in the public if you are viewing through someone else's Wi-Fi or on your cell phone carrier network. This new Airport Extreme is a bit different since you cannot use the Airport utility on a PC like the older model and if anyone else is reading this they should be aware that if you do not have an Apple computer, iPhone or iPad and I'm not sure if some of the other network enabled devices like iPod Touch that you must use that can do it, there is no Airport utility for the PC and you would be wasting your money or have to take it back and get another brand wireless router to use if you do not own any of the above mentioned Apple products.

  • Not enough port fields in port forwarding for Linksys E4200

    I have always used netgear routers in the past. After a series of issues regarding configurations not working correctly I invested in what appeared to be a semi pro router, the cisco linksys e4200.
    I have a centralized server which I use to access a mass of different services such as mail, dns, VPN, FTP, Kerberos, http and many more. While I am not a massive networking nerd, this server setup is like my garage project. To access these services externally to my LAN as far as I understand I would need to configure port forwarding for each service to my server. Unfortunately the control panel for the linksys E4200 only offers about 15 custom port fields for forwarding, and some documentation I have read shows that with it's basic install my server could be using up to 60 ports at once.
    Is this router just not suitable for this sort of network. If so I will be very disappointed because I have spent a quarter of the price on netgear routers with more control than this.
    If anybody could assist with details and options I would greatly appreciate it

    Wrong forum, use "small business routers".

  • TS2972 How do you port forward for Home Sharing ?

    I want to home share with my apple tv and it's not working, so i think i need to port forward for home sharing on my apple tv. But i dont know how to port forward :S

    I use an application called port map. http://www.codingmonkeys.de/portmap/  Make sure you download the landlubbers version. When you open it add a port called minecraft with the port 25565

  • Homehub 5 port forwarding for Windows Homeserver 2...

    Hi
    Has anybody any solutions on setting up the HH5 for Windows Homeserver 2011
    I've inputted all the rules manually as WHS couldn't complete the task, to find ports 80, 443, 4125 remain closed after manual input.
    WHS reply's with UPnP not working / router not working.
    BT customer services quite appalling and I'm not paying for Tech Support as the package is only 6 months old and I feel I shouldn't have to pay for a product that isn't working correctly, if it was over 12 months I understand I should pay.
    I've manually inputted and setup port forwarding for my Iphone app and Android and they've finally started working.
    Cheers
    Solved!
    Go to Solution.

    Can you just put WHS in the DMZ on the HH5?
    If you found this post helpful, please click on the star on the left
    If not, I'll try again

  • Port forwarding for online gaming...dumb question

    Hi, I'm trying to set-up port forwarding for online gaming. There's a section that asks for port numbers, "Enter the starting numbers of the External Ports (the port numbers seen by users on the Internet)" Where do I find the numbers of the ports?

    http://portforward.com/cports.htm
    If the game isn't listed there, google for it.

  • Help with port forwarding for the WRT54G

    I need assistance please!
    I am having issues trying to setup port forwarding for a ftp. I already have set this up for a SQL Server port and it works remotely. When I setup another rule for ftp using port range 20-21 it does not work.
    I have confirmed that I have saved my settings, have the correct IP address, etc. I have firmware version 4.21.1 and not sure how to troubleshoot this. Any help would be great.
    Thanks,
    John

    Yes you do need to have the port already forwarded for port 20~21 with both TCP/IP and UDP enabled unless you know for sure your ftp only uses just one of them.  That is why I asked what port your SGL was set to.  Follow the link that other guy posted and open port 20 and 21 (I only use 21 with no problems) and make sure it is directed to the IP of the ftp host.  Also that PC needs to have the FTP enabled in windows.  To do that go to your control panel > add/remove software > and on the left side go to add/remove windows components.  Then check the box for the ftp and add it.  It should ask for your windows CD do have it handy when you add the ftp component to your PC.
    Richard Aichner (Ikester)

  • Port forwarding for WOW

    Hello,
    Just a TC today and cant find any info on how to port forward for the TC. Anyone have any clues?

    Sorry, I don't have a TC, but the port mapping (forwarding) steps should be the same as for the 802.11n AirPort Extreme Base Station (AEBSn).
    AEBSn - Port Mapping Setup
    To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided IP address for the host device.
    Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
    o IPv4 Address: <enter the desired IP address>
    o Click Done.
    2. Setup Port Mapping on the AEBSn.
    Advanced > Port Mapping tab
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s): <enter the appropriate UDP port values>
    o Public TCP Port(s): <enter the appropriate TCP port values>
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
    o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
    o Click "Continue"
    (ref: "Well Known" TCP and UDP ports used by Apple software products)

  • Port forwarding for LaCie NAS on AirPort Express

    Hello,
    I have just purchased both an AirPort Express and Airport Extreme to which I would like to connect a LaCie 5big NAS Pro. The NAS is physically connected to the AirPort Express, which is acting as a bridge to the AirPort Extreme. The issue is that all the ports which the NAS uses for various sharing services (SFTP, HTTPS, MyNAS, etc) are unavailable. How would I go upon opening these ports on the AirPort network, or go upon forwarding new ports to the local ones?
    Thank you in advance!

    Just to make sure I understand the situation..
    You have a new AC model extreme?? Running 7.7.1?
    Are these the correct things to be doing? I've included screenshots of both the NAS port errors as well as an example of a port entry in the AirPort utility.
    Your port forwarding looks fine..
    This is pedantic but can you change the variable name.. eg.
    Harrison HTTPS
    I know will fail in most routers.. the space being illegal.. I know apple have this strange naming convention.. but it just gives me the heabie jeabies when I see it. You can call it HHTTPS for example .. anything but no spaces and pure alphanumeric.
    BTW you never need block out a private IP address.. it is not routable.. I can tell you my computer is here.
    MacProie-5
    Information
    Status:
    Active
    Type:
    Generic Device
    Connected To:
    ethport1 (Ethernet)
    Addressing
    Physical Address:
    00:1f:f3:bd:58:52
    IP Address Assignment:
    DHCP
    IP Address:
    192.168.2.103
    Always use the same IP address:
    Yes
    DHCP Lease Time:
    Infinite
    Connection Sharing
    There is no game or service assigned to this device.
    There is absolutely no way you can connect to 192.168.2.103 or 10.0.1.101 or whatever private IP is.
    When hovering over the red buttons, it reads "Port # is already in use on your router, or your router is not compatible with the UPnP-IGD/NAT-PMP protocol"
    Your last few lines are the most distressing..
    Lacie being a more Mac orientated product has included NAT-PMP protocol in the NAS to open the required ports.. automatically in an apple router..  that means it should be able to work without intervention.
    Ports cannot be opened if they are already allocated. which is what the error message means.. already in use.. they are in use because you allocated them..
    I suggest you reset to factory the AE.. start up a single computer.. leave everything else off.. Do a basic setup of the AE just to get you network and internet access.. Then power up the NAS .. and see if it can open those ports automagically.. If not then the AE is simply not going to work at this firmware level.
    BTW.. there is no doubt the 6.3.1 utility on Mac is problematic.. Apparently the iOS one is much better.. or even 5.6.1 utility on a windows PC. If you have an iphone/ipad use the airport utility app and do the setup from there.. rather than a mac.. it has more chances of working.. maybe.
    You have an express.. this sounds odd but please change the firmware in the express back to 7.6.1 (I don't use express so I know less about them). Set it up as router in place of the extreme.. and try the NAS again.. you might need to buy a switch to do all this. But it should work if you do it via the iOS device.. well worth a try too and see if the earlier firmware can auto allocate ports via the NAT-PMP or even if that fails by manually allocating them. 
    Or the other choice is a non apple router for now.. and put the Extreme in bridge .. ie take away all NAT responsibility from it .. use your non-apple router firstly try by upnp and then manually forward the ports if you have to..
    Hope something in there helps.

  • HH3 port forwarding for Squeezebox Controller

    Hi,
    I followed the instructions from slimdevices about setting up the 3 specific TCP and UDP ports for port forwarding, and not using the DMZ. I got my external IP address from "whatsmyip", and I couldn't connect my Squeezebox Controller through the HH3 to the Squeezebox server running on my NAS. The help desk in India fowarded all TCP and UDP ports, activated the DMZ and switched the firewall off! Somewhat dangerous I felt. It still didn't work, so I've re-enabled the firewall, and switched off the DMZ.
    Is there an simple test to check whether the HH3 is doing as requested? I've tried pinging the external IP address from my office/work PC and a neighbour's PC but there's no response.
    Any suggestions gratefully received.
    TIA
    Graham Dodds

    gdodds wrote:
    Some more information - I've just realised that the HH3 (and maybe the whole of BTBroadBand?) uses dynamic IP addresses. I have to put the IP address of the remote library (the HH3 and NAS in this case) into the Controller, so if this changes while I'm away from base, I won't know what IP address to set for the library, and if I use a dynamic DNS, I can't enter the text into the Controller! What am I supposed to do?
    If you have a PC that would be on while you are away from home you can used no-ip.com and run a small bit of software that updates them so that you just have a standard URL all the time.

  • Port Forwarding for RDP 3389 is not working

    Hi,
    I am having trouble getting rdp (port 3389) to forward to my server (10.20.30.20).  I have made sure it is not an issue with the servers firewall, its just the cisco.  I highlighted in red to what i thought I need in my config to get this  to work.  I have removed the last 2 octets of the public IP info for security .Here is the configuration below:
    TAMSATR1#show run
    Building configuration...
    Current configuration : 11082 bytes
    version 15.2
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname TAMSATR1
    boot-start-marker
    boot system flash:/c880data-universalk9-mz.152-1.T.bin
    boot-end-marker
    logging count
    logging buffered 16384
    enable secret
    aaa new-model
    aaa authentication login default local
    aaa authentication login ipsec-vpn local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization console
    aaa authorization exec default local
    aaa authorization network groupauthor local
    aaa session-id common
    memory-size iomem 10
    clock timezone CST -6 0
    clock summer-time CDT recurring
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-1879941380
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1879941380
    revocation-check none
    rsakeypair TP-self-signed-1879941380
    crypto pki certificate chain TP-self-signed-1879941380
    certificate self-signed 01
      3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 31383739 39343133 3830301E 170D3131 30393136 31393035
      32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38373939
      34313338 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100BD7E 754A0A89 33AFD729 7035E8E1 C29A6806 04A31923 5AE2D53E 9181F76C
      ED17D130 FC9B5767 6FD1F58B 87B3A96D FA74E919 8A87376A FF38A712 BD88DB31
      88042B9C CCA8F3A6 39DC2448 CD749FC7 08805AF6 D3CDFFCB 1FE8B9A5 5466B2A4
      E5DFA69E 636B83E4 3A2C02F9 D806A277 E6379EB8 76186B69 EA94D657 70E25B03
      542D0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
    ip dhcp excluded-address 10.20.30.1 10.20.30.99
    ip dhcp excluded-address 10.20.30.201 10.20.30.254
    ip dhcp excluded-address 10.20.30.250
    ip dhcp pool tamDHCPpool
    import all
    network 10.20.30.0 255.255.255.0
    default-router 10.20.30.1
    domain-name domain.com
    dns-server 10.20.30.20 8.8.8.8
    ip domain name domain.com
    ip name-server 10.20.30.20
    ip cef
    no ipv6 cef
    license udi pid CISCO881W-GN-A-K9 sn
    crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
    ip tftp source-interface Vlan1
    class-map type inspect match-all CCP_SSLVPN
    match access-group name CCP_IP
    policy-map type inspect ccp-sslvpn-pol
    class type inspect CCP_SSLVPN
      pass
    zone security sslvpn-zone
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp policy 20
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key password
    crypto isakmp client configuration group ipsec-ra
    key password
    dns 10.20.30.20
    domain tamgmt.com
    pool sat-ipsec-vpn-pool
    netmask 255.255.255.0
    crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
    crypto ipsec transform-set TSET esp-aes esp-sha-hmac
    crypto ipsec profile VTI
    set security-association replay window-size 512
    set transform-set TSET
    crypto dynamic-map dynmap 10
    set transform-set ipsec-ra
    reverse-route
    crypto map clientmap client authentication list ipsec-vpn
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface Loopback0
    ip address 10.20.250.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly in
    interface Tunnel0
    description To AUS
    ip address 192.168.10.1 255.255.255.252
    load-interval 30
    tunnel source
    tunnel mode ipsec ipv4
    tunnel destination
    tunnel protection ipsec profile VTI
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
    ip address 1.2.3.4
    ip access-group INTERNET_IN in
    ip access-group INTERNET_OUT out
    ip nat outside
    ip virtual-reassembly in
    no ip route-cache cef
    ip route-cache policy
    ip policy route-map IPSEC-RA-ROUTE-MAP
    duplex auto
    speed auto
    crypto map clientmap
    interface Virtual-Template1
    ip unnumbered Vlan1
    zone-member security sslvpn-zone
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered Vlan1
    arp timeout 0
    interface Wlan-GigabitEthernet0
    description Internal switch interface connecting to the embedded AP
    switchport mode trunk
    no ip address
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 10.20.30.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
    ip default-gateway 71.41.20.129
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
    ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
    ip nat inside source static 10.20.30.20 (public ip)
    ip route 0.0.0.0 0.0.0.0 public ip
    ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
    ip access-list extended ACL-POLICY-NAT
    deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
    deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
    deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
    permit ip 10.20.30.0 0.0.0.255 any
    permit ip 10.20.31.208 0.0.0.15 any
    ip access-list extended CCP_IP
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended INTERNET_IN
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any unreachable
    permit icmp any any time-exceeded
    permit esp host 24.153. host 66.196
    permit udp host 24.153 host 71.41.eq isakmp
    permit tcp host 70.123. host 71.41 eq 22
    permit tcp host 72.177. host 71.41 eq 22
    permit tcp host 70.123. host 71.41. eq 22
    permit tcp any host 71..134 eq 443
    permit tcp host 70.123. host 71.41 eq 443
    permit tcp host 72.177. host 71.41. eq 443
    permit udp host 198.82. host 71.41 eq ntp
    permit udp any host 71.41. eq isakmp
    permit udp any host 71.41eq non500-isakmp
    permit tcp host 192.223. host 71.41. eq 4022
    permit tcp host 155.199. host 71.41 eq 4022
    permit tcp host 155.199. host 71.41. eq 4022
    permit udp host 192.223. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit tcp any host 10.20.30.20 eq 3389
    evaluate INTERNET_REFLECTED
    deny   ip any any
    ip access-list extended INTERNET_OUT
    permit ip any any reflect INTERNET_REFLECTED timeout 300
    ip access-list extended IPSEC-RA-ROUTE-MAP
    deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
    deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
    permit ip 10.20.30.208 0.0.0.15 any
    deny   ip any any
    access-list 23 permit 70.123.
    access-list 23 permit 10.20.30.0 0.0.0.255
    access-list 24 permit 72.177.
    no cdp run
    route-map IPSEC-RA-ROUTE-MAP permit 10
    match ip address IPSEC-RA-ROUTE-MAP
    set ip next-hop 10.20.250.2
    banner motd ^C
    UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
    You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
    ^C
    line con 0
    logging synchronous
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    line vty 0
    access-class 23 in
    privilege level 15
    logging synchronous
    transport input telnet ssh
    line vty 1 4
    access-class 23 in
    exec-timeout 5 0
    privilege level 15
    logging synchronous
    transport input telnet ssh
    scheduler max-task-time 5000
    ntp server 198.82.1.201
    webvpn gateway gateway_1
    ip address 71.41. port 443
    http-redirect port 80
    ssl encryption rc4-md5
    ssl trustpoint TP-self-signed-1879941380
    inservice
    webvpn context TAM-SSL-VPN
    title "title"
    logo file titleist_logo.jpg
    secondary-color white
    title-color #CCCC66
    text-color black
    login-message "RESTRICTED ACCESS"
    policy group policy_1
       functions svc-enabled
       svc address-pool "sat-ipsec-vpn-pool"
       svc default-domain "domain.com"
       svc keep-client-installed
       svc split dns "domain.com"
       svc split include 10.0.0.0 255.0.0.0
       svc split include 192.168.0.0 255.255.0.0
       svc split include 172.16.0.0 255.240.0.0
       svc dns-server primary 10.20.30.20
       svc dns-server secondary 66.196.216.10
    default-group-policy policy_1
    aaa authentication list ciscocp_vpn_xauth_ml_1
    gateway gateway_1
    ssl authenticate verify all
    inservice
    end

    Hi,
    I didnt see anything marked with red in the above? (Atleast when I was reading)
    I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
    But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
    There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
    - Jouni

Maybe you are looking for

  • Returned Phone

    My new Samsung Galaxy S4 phone had a reception problem and I was getting frequent drop calls in my house ever since I got the new phone. Verizon Wireless sent me a new replacement phone and that fixed the issue. That was in July 2013.  However, a big

  • SCCM 2012 - Migrating SQL components to cluster including Reporting Services

      Current SCCM 2012 environment:  - CAS with database on remote SQL (non-cluster) server in a named instance - SQLSRV\CASINST   - SQL Reporting Services in also installed in the SQLSRV\CASINST instance   - The SCCM Reporting Services Point role is in

  • How to create slick maps in Flash?

    Admiring the new Flash maps I see on the web and wondering how I can make my flash map look as slick? I can make decent maps in flash but would like to make transparent windows, slick dropdowns, etc. I am not asking you to explain it all but if you c

  • Mobile user can't log in

    Hello, I have an issue with mobile users. I have a Mac OS X server set up with OD. I have created mobile user profiles on it. Those profiles can log in to the server without issues. Yet, I can't log on to any other mac on my network with those mobile

  • Kernel Panic on opening Mail application

    When I try to open the Mail application I get this message The mailbox "~/Library/Mail/Mailboxes/Outbox.mbox" is currently locked by "(null)" on host "<?xml version="1.0" encoding="UTF-8"?>". If you open a mailbox that already is in use, you may dama