VNC - Port Forwarding

Similar Messages

• Port forwarding for external access to VNC server on multiple machines

  I will have 10 PCs connected to the WRT54GL wireless AP. I am testing with 1. It has a static addresses 10.155.22.51. It is running a VNC server at port 5951.
  If I  set my VNC client up to access 10.155.22.51:5951 it works through the WRT54GL wireless AP.
  I set the WRT54GL port forwarding to 5951 - 5951, set the IP address to 10.155.22.51 and enable. The external address of the AP is 10.155.0.29 on the company LAN.
   So I set the VNC client to access the AP address with the VNC port, i.e. 10.155.0.29:5951. I expect the AP to change the address to 10.155.22.51:5951. This does not work.
  Note: the problem could be that the AP is going through NATting because I can also access it at 10.155.22.9 along with all the other PCs on that LAN, i.e. I can access the LAN directly from elsewhere on the company net.

  You can try changing the IP of the AP manually ... connect it to the Computer  ..... access the setup page using http://192.168.1.245  .... use password as admin ....
  Configure the IP settings first ...
  Again login with new IP address .... configure wireless settings .....
  Power down the AP & then the router ....
  Wait for few minutes .... then power on the router ...first then the AP ...

• VNC without access to set up port forwarding

  I just bought the VNC Viewer app for my iPhone 4 and got it to work over 3G and wifi with my macbook pro connected to my home network. I know very little about networking but I knew enough to be able to set up port forwarding to my ip on my router at home. The problem is that I am a student in college right now, so my computer will be hooked up to the schools network when winter break is over. I have no access to set anything up on the network at school, so how will I get this to work? I made a host name at no-ip (does that allow me to connect to my computer even when my ip changes?), and I read something about being able to set up an ssh tunnel to make it work...maybe? I now have no idea what to do and the other forums I've read about this topic are using language that I am not familiar with. I need some network education! Again, the problem is setting up my MacBook Pro to allow a VNC connection on a network I have no control over. Thanks!
  Message was edited by: drummer914

  My suggestion is using TeamViewer.com (they have both a Mac and an iPhone app) and it is free for personal use.
  Team viewer has the ability to work across routers and corporate firewalls.
  The problem with ssh is that it also needs port forwarding the same as VNC. You could have your Mac at college ssh to a Mac at home, setting up a reverse tunnel (ssh -R). You then VNC to the Mac at home, and instead of attaching to a VNC server at home, you connect to the ssh tunnel listening for connections. You would have to always have the tunnel established from your college Mac to a home Mac (or it could be a Linux box at home). And at home you would also need to port forward port 22 so your college Mac and ssh into your home Mac.
  It might be an interesting exercise, but I think you would be happier using TeamViewer.com

• Port forwarding for airport utility 5.6.1

  Hi,
  The previous version of airport utility had a simple tab "port mapping" that allowed me to forward ports so that various servers running on my machine could be accessible via outside of my WAN/LAN.  However, when using the latest version, I don't see anything related to port mapping, the closest I found was an IPv6 Firewall-- which I am not certain is what I am looking for......
  Ultimately, I have a development web server that I run on port 3000, and I want this to be accessible from the outside world--- and also I would like VNC guests to be able to do screen sharing / remote access which I believe is through port 5900...  How can I make these two things accessible through my standard IPv4 address?
  Thank you.

  Tesserax, you seem to be the Airport Extreme guru.  Been trying to find answers on forums all day so as not to duplicate a post.  Also tried to find a way to contact you directly so as not to get off topic here...but couldn't see an option.
  Running Airport Extreme Version 7.6.1.  Hosting a FileMaker Pro 10 file on a PowerPC on my home network (ISP is TimeWarner ...ugh).  Need to publish this file to the URL the gent that hosts my site has pointed at my public IP addy here on my home network.
  Created DHCP Reservation by MAC Address for the machine hosting to achieve static IP.  Have opened ports 80 and 5003 (filemaker) in Port Mapping.  Both pointing at the IP addy of that same machine hosting the file.  Some discussions have said to make the end of IP .201 or higher for port forwarding so I've done so.
  Port checkers all say these ports are still closed.  Time Warner has told me they are not blocking either of these ports and that my modem does not have a firewall holding things up—they say the prob is with my router settings.
  I should probably also mention that I used to successfully forward these ports and host/access this file via the URL (same ISP and domain host etc. then as currently).
  Obviously posting here because none of this is working.  Have looked over the links and docs you regularly reply with—hoping you may have other wisdom to give us.  Thanks in advance.

• Port Forwarding Twice?

  (Also posted in Airport discussions)
  I have previously used port forwarding via an AEn to access my Mac Pro while away. I have now installed a Mac mini Server and continue to use the Mac Pro as a client. Port forwarding now directs all incoming requests to the server for e-mail, file sharing, and web services, which I wish to continue. However, I'd also like to continue to access the other box, where I have telephony software installed requiring access to a phone jack (and the Mac mini is in a closet...). Is there a way to to access both the Mac mini Server and the Mac Pro? Thanks.
  C.

  Hi Charles
  Here's how I do it.
  First I do not "Port Forward" to my server. I use NAT which sends all default traffic to the server.
  I use Port Forwarding to route to other machines.
  The internal IP of my server is 10.0.1.253, and I believe that is the default NAT setting on a AE
  If you went to www.mydomain.com you would hit my Xserver's web services
  If you went to www.mydomain.com:81 you would be directed to the web services on my MacPro.
  In Port Mapping I used port 81 as the Public Port, the internal IP of my MacPro of 10.0.1.200, and of course use a private port of 80.
  As an example, for one machine I use Public Port 547 for AFP, 5901 for VNC, and 27 for FTP.
  Well known" TCP and UDP ports used by Apple software products

• Port forwarding only works for BT customers..

  Hi, I have a little bit of a strange issue and i'm hoping somebody could help.
  What I have is various devices NAS/IPcam/VNC etc, previously I had ports forwarded to these devices and all was working ok, i could reach them via the WAN address.
  What I have currently is that the WAN address my router tells me I have is a 100. address and sites such as whatismyip.com tell me the 81. address (im not sure if this is normal but I think it is?).
  The problem I have is that port forwarding now only seems to work if i try and connect to my devices from BT connection using the 100. address. The 81. address is unreachable from BT or other ISP's and sites that check for open ports tell me the ports are closed. I have tried several routers as i initially thought it was an issue with my router but they all give the same problem.
  Not sure if any more information would be required but from the testing ive done it doesnt seem like a issue with my router. Any ideas? CAn provide more info if needed, just ask.

  If you enter the IP address on this page http://www.whatismyip.com/ip-tools/ip-whois-lookup/
  you can see who it belongs to.
  But I suspect that its something within your router that is returning the wrong WAN address. Do you have an ADSL connection, or an Infinity connection?
  Yo may have difficulty connecting to your own external WAN address from within your own network, unless your router has NAT loopback enabled.
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• Port forwarding stops working several hours after reset

  I have a WRT350N (fw v. 1.03.2).  It's connected to an Alcatel ADSL modem (PPPoE configuration).  I've configured port forwarding to allow HTTP and SSH into a linux box on my home network (static IP).  I am able to get to the linux box from outside for the first few hours after I set up the configuration, but a few hours later I am no longer able to get to it from outside - port forwarding stops working though the settings remain as I'd left them.  Over the course of various attempts I've had the external connections just die (404 errors, host not found, etc) and sometimes the connection went to the router - getting the WRT350N login prompt (remote management is turned on, but on port 8080, not 80, so this was unexpected).
  The only way I've found to resolve this is to reset to factory defaults and reconfigure.  Then it works again for a few hours and shortly is again not forwarding.  I've tried other ports (VNC, RDC, telnet, SMTP) and the forwarding stops working on all ports at the same time.  My home machines are able to get out to the internet with no problems.
  I thought the router had a hardware flaw so i replaced it with an identical model yesterday, and sure enough, today I'm again stuck without external access to my home website.
  Any thoughts or suggestions would be welcome.
  Thanks,
  Nick

  I was able to trace the problem to torrent downloads.  It seems the router wasn't handling all the concurrent connections when handling torrents.  I haven't had problems since i stopped downloading torrent files.  I did add a static port mapping and configured utorrent to run on a single port on a machine with a static address but haven't had cause to download any torrent files since then, so i don't know if that will fix the problem.
  That being said, i've had no issues since i stopped the torrents.
  HTH
  Nick

• Port Forward and IP address question

  I am configuring my father's computer so that I can "see" his screen. He's on a different network, using a mac with a wireless router. He enables remote desktop login, I use Chicken of the VNC software on my mac to see and control his computer.
  Here's my question, when I set up his router to forward the ports so this will work, do I use the ports for apple remote desktop or VNC? (The ports overlap (5900) but are different.)
  Also, which IP address do I enter into Chicken of the VNC? His router IP, his static IP that we assigned or his computer's IP.
  Thanks for the help,
  Rob

  ok, but in his prefs for apple remote desktop, it gives the static IP address that we set as the address other people can use, so... any thoughts?
  You use that private address if you are in the same subnet as his Mac. That is the address you enter into the port forwarding settings on the router because the router needs to send requests received on the public IP address to that unreachable private IP address.
  When you are on the internet, you can't reach that private IP address.

• Changing VNC Port

  Hello. I use VNC from my iPad to connect to my computers. I have two Macs (mac mini, and imac) and two PCs (one desktop and one laptop).
  In order to be able to connect to them from outside my network I need to change the VNC port in the screen sharing settings, which I can't, because there is no way to do that in the mac os.
  How can I do that?
  I use wired networking on both macs.
  Thanks in advanced!
  Wilfredo Nanita.

  Yeah, this one is tricky. I don''t think the built-in Screen Sharing TCP port can be changed. (Correct me if I'm wrong.) You could try another VNC server, something that you can easily change the listening port. I used to use OSXVNC until Screen Sharing became available on Leopard. I don't know if it's still compatible with Snow Leopard, so do some homework before installing.
  Some routers have the ability to do a "port translation". I think it was my D-Link router that allowed me to specify the "outside" TCP port and the "inside" TCP port. So "outside" was 5901, and "inside was 5900, which matched what Screen Sharing was expecting, thus no need to reconfig Screen Sharing.
  Now, I use a VPN connection to my home. Once the VPN is established, then port forwarding or port translation is not needed and I connect to the machine just like I was on the LAN. (i.e.: 192.168.1.5:5900 for one machine and 192.168.1.6:5900 for the other machine.)
  Alternatively, you could forgo VNC altogether and use something like LogMeIn. I have that installed to one of my machines just in case I f-up something on Screen Sharing or the router port forwarding while I'm away. LogMeIn works very well, and is free for use on a Mac or PC, both the host and remote. However from an iPad or iPhone, you need to install their App, LogMeIn Ignition, which is $30.

• BT HomeHub 5 Port forwarding to 2 PCs

  I have two PCs set up with TightVNC server and can access them both perfectly.  One is on <ipaddress>:ort 5900 and the other on <ipaddress>prt 5901.  I have also set up port forwarding so I can access one PC via the internet using no-ip to handle the ddns.  To set this up I selected the application VNC and linked it to the PC.  This works well and remote TightVNC client can log into the TightVNC server on that PC.   The problem is that I have two PCs running TightVNCserver and I need to remotely log into either or both simultaneously but I cannot set up another port forwarding entry as VNC is in use and removed from the list of applications.
  Is there any way to set up port forwarding to two PCs with different port numbers?
  Thanks
  Richard
  Solved!
  Go to Solution.

  Without getting my HH out of the cupboard to check, is there not an 'other' application that you can assign the port to? Surely the name is just a label it doesn't have to be called VNC.
  Edit: Found this http://bt.custhelp.com/app/answers/detail/a_id/46548/~/how-to-set-up-game-and-application-sharing%2F... click 'no' at step 3 of the second set of instructions.

• WRV210 port forwarding only works on http!!!

  I'm trying to use SSH port forwarding, and VNC on the future.
  Right now the only one that is working is http. I have enable both HTTP and SSH over two different PCs, and only the http one is working.
  We already have version 2.0.0.11. Also tried DMZ the second PC and didn't work.
  I hear about to use DHCP, and then I defined the second PC mac on the table, and still didn't worked.
  Any idea of what is going on with this equipment.
  Carlos Alperin

  If you enter the IP address on this page http://www.whatismyip.com/ip-tools/ip-whois-lookup/
  you can see who it belongs to.
  But I suspect that its something within your router that is returning the wrong WAN address. Do you have an ADSL connection, or an Infinity connection?
  Yo may have difficulty connecting to your own external WAN address from within your own network, unless your router has NAT loopback enabled.
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• Port Forwarding for OS X Server VPN on BT Home Hub...

  We have BT Infinity using a BT Home Hub 5 and I have recently installed OS X Server to create my own VPN. However, I cannot seem to get the hub to open the ports I desire using the port forwarding tool - I have tried everything I can think of including (and a combination of all these things in one way or another)...
  Standard Port Forwarding
  Disabling uPNP
  Disabling Firewall
  Enabling DMZ directly to the OS X Server
  The ports I am trying to enable, but stay closed are:
  500
  1701
  1723
  5900
  And I have selected the 'Any' protocol in desperation, but they still show up closed on an online port checker tool like canyouseeme.org
  I create a custom application in the hub to cover these ports, and out of curiousity I added port '5900' (VNC Port) to the list, which curiously IS open when I check it, but the hub seems to refuse to open any of the other ports.
  I am beginning to think there may be something up with the router... I've Googled and spent a few hours on failing to solve this simple problem... does anyone else have any ideas?
  Solved!
  Go to Solution.

  Remember, the port discovery websites can only test TCP ports, not UDP. I use Microsoft PortQuery tool, from a remote connection like a 3G mobile data. This can test both TCP and UDP.
  The main thing is that you have it working now Port forwarding seems to give people a lot of problems, when it should just work without any issues.
  Common problems seem to be.
  Having spaces in either device names or application names.
  Failing to apply the settings on every step of the way.
  Being on CG-NAT (IP address sharing)
  Forgetting to open any firewall connections.
  Relying on DHCP to allocate the IP address, instead of setting it on the device itself.
  Plus others....
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• Port forwarding through Internet Sharing

  Here's my setup:
  - I have a Linksys router, I have that connected wirelessly to my macbook, I have that setup for Ethernet internet sharing to my desktop pc.
  - I want to enable port forwarding so that I can access my PC through VNC.
  - My macbooks ip address is within 192.168.1.x and my desktop's IP address from the macbook is within 192.168.2.x
  - When I connect to my router and try to set up port forwarding I can only forward ports within the 192.168.1.x range.
  - I've tried a bunch of garbage to get it set up, one main thing I've tried was to st my PC's ip address statically to something withing 192.168.1.x, but my default gateway address is 192.168.2.1 so I'm not even sure if thats possible.
  - I really need some help with this, any would be very much appreciated.

  Hi guys. My setup is pretty simple. I have a Terayon cable modem hooked to an iMac. Im doing internet sharing to everybody. I don't need an access point and don't wish to have to buy a new one when I have such a beautiful machine right.
  So I want to do port forwarding using the internet share to connect an XBox360.
  The ports i want to configure are detailed in www.portforward.com
  Anyway I can't see how to do it but I know that for you guys this is all puppy chow. So i decided to give you guys the opportunity to be creative with this setup.

• Port Forwarding for RDP 3389 is not working

  Hi,
  I am having trouble getting rdp (port 3389) to forward to my server (10.20.30.20).  I have made sure it is not an issue with the servers firewall, its just the cisco.  I highlighted in red to what i thought I need in my config to get this  to work.  I have removed the last 2 octets of the public IP info for security .Here is the configuration below:
  TAMSATR1#show run
  Building configuration...
  Current configuration : 11082 bytes
  version 15.2
  no service pad
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname TAMSATR1
  boot-start-marker
  boot system flash:/c880data-universalk9-mz.152-1.T.bin
  boot-end-marker
  logging count
  logging buffered 16384
  enable secret
  aaa new-model
  aaa authentication login default local
  aaa authentication login ipsec-vpn local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authorization console
  aaa authorization exec default local
  aaa authorization network groupauthor local
  aaa session-id common
  memory-size iomem 10
  clock timezone CST -6 0
  clock summer-time CDT recurring
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-1879941380
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1879941380
  revocation-check none
  rsakeypair TP-self-signed-1879941380
  crypto pki certificate chain TP-self-signed-1879941380
  certificate self-signed 01
    3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383739 39343133 3830301E 170D3131 30393136 31393035
    32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38373939
    34313338 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BD7E 754A0A89 33AFD729 7035E8E1 C29A6806 04A31923 5AE2D53E 9181F76C
    ED17D130 FC9B5767 6FD1F58B 87B3A96D FA74E919 8A87376A FF38A712 BD88DB31
    88042B9C CCA8F3A6 39DC2448 CD749FC7 08805AF6 D3CDFFCB 1FE8B9A5 5466B2A4
    E5DFA69E 636B83E4 3A2C02F9 D806A277 E6379EB8 76186B69 EA94D657 70E25B03
    542D0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  ip dhcp excluded-address 10.20.30.1 10.20.30.99
  ip dhcp excluded-address 10.20.30.201 10.20.30.254
  ip dhcp excluded-address 10.20.30.250
  ip dhcp pool tamDHCPpool
  import all
  network 10.20.30.0 255.255.255.0
  default-router 10.20.30.1
  domain-name domain.com
  dns-server 10.20.30.20 8.8.8.8
  ip domain name domain.com
  ip name-server 10.20.30.20
  ip cef
  no ipv6 cef
  license udi pid CISCO881W-GN-A-K9 sn
  crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
  ip tftp source-interface Vlan1
  class-map type inspect match-all CCP_SSLVPN
  match access-group name CCP_IP
  policy-map type inspect ccp-sslvpn-pol
  class type inspect CCP_SSLVPN
    pass
  zone security sslvpn-zone
  crypto isakmp policy 10
  encr aes 256
  authentication pre-share
  group 2
  crypto isakmp policy 20
  encr aes 192
  authentication pre-share
  group 2
  crypto isakmp key password
  crypto isakmp client configuration group ipsec-ra
  key password
  dns 10.20.30.20
  domain tamgmt.com
  pool sat-ipsec-vpn-pool
  netmask 255.255.255.0
  crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
  crypto ipsec transform-set TSET esp-aes esp-sha-hmac
  crypto ipsec profile VTI
  set security-association replay window-size 512
  set transform-set TSET
  crypto dynamic-map dynmap 10
  set transform-set ipsec-ra
  reverse-route
  crypto map clientmap client authentication list ipsec-vpn
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  interface Loopback0
  ip address 10.20.250.1 255.255.255.252
  ip nat inside
  ip virtual-reassembly in
  interface Tunnel0
  description To AUS
  ip address 192.168.10.1 255.255.255.252
  load-interval 30
  tunnel source
  tunnel mode ipsec ipv4
  tunnel destination
  tunnel protection ipsec profile VTI
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface FastEthernet4
  ip address 1.2.3.4
  ip access-group INTERNET_IN in
  ip access-group INTERNET_OUT out
  ip nat outside
  ip virtual-reassembly in
  no ip route-cache cef
  ip route-cache policy
  ip policy route-map IPSEC-RA-ROUTE-MAP
  duplex auto
  speed auto
  crypto map clientmap
  interface Virtual-Template1
  ip unnumbered Vlan1
  zone-member security sslvpn-zone
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  no ip address
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 10.20.30.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1452
  ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
  ip default-gateway 71.41.20.129
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
  ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
  ip nat inside source static 10.20.30.20 (public ip)
  ip route 0.0.0.0 0.0.0.0 public ip
  ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
  ip access-list extended ACL-POLICY-NAT
  deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
  deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
  deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
  permit ip 10.20.30.0 0.0.0.255 any
  permit ip 10.20.31.208 0.0.0.15 any
  ip access-list extended CCP_IP
  remark CCP_ACL Category=128
  permit ip any any
  ip access-list extended INTERNET_IN
  permit icmp any any echo
  permit icmp any any echo-reply
  permit icmp any any unreachable
  permit icmp any any time-exceeded
  permit esp host 24.153. host 66.196
  permit udp host 24.153 host 71.41.eq isakmp
  permit tcp host 70.123. host 71.41 eq 22
  permit tcp host 72.177. host 71.41 eq 22
  permit tcp host 70.123. host 71.41. eq 22
  permit tcp any host 71..134 eq 443
  permit tcp host 70.123. host 71.41 eq 443
  permit tcp host 72.177. host 71.41. eq 443
  permit udp host 198.82. host 71.41 eq ntp
  permit udp any host 71.41. eq isakmp
  permit udp any host 71.41eq non500-isakmp
  permit tcp host 192.223. host 71.41. eq 4022
  permit tcp host 155.199. host 71.41 eq 4022
  permit tcp host 155.199. host 71.41. eq 4022
  permit udp host 192.223. host 71.41. eq 4022
  permit udp host 155.199. host 71.41. eq 4022
  permit udp host 155.199. host 71.41. eq 4022
  permit tcp any host 10.20.30.20 eq 3389
  evaluate INTERNET_REFLECTED
  deny   ip any any
  ip access-list extended INTERNET_OUT
  permit ip any any reflect INTERNET_REFLECTED timeout 300
  ip access-list extended IPSEC-RA-ROUTE-MAP
  deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
  deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
  deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
  deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
  deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
  deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
  permit ip 10.20.30.208 0.0.0.15 any
  deny   ip any any
  access-list 23 permit 70.123.
  access-list 23 permit 10.20.30.0 0.0.0.255
  access-list 24 permit 72.177.
  no cdp run
  route-map IPSEC-RA-ROUTE-MAP permit 10
  match ip address IPSEC-RA-ROUTE-MAP
  set ip next-hop 10.20.250.2
  banner motd ^C
  UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
  You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
  ^C
  line con 0
  logging synchronous
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0
  access-class 23 in
  privilege level 15
  logging synchronous
  transport input telnet ssh
  line vty 1 4
  access-class 23 in
  exec-timeout 5 0
  privilege level 15
  logging synchronous
  transport input telnet ssh
  scheduler max-task-time 5000
  ntp server 198.82.1.201
  webvpn gateway gateway_1
  ip address 71.41. port 443
  http-redirect port 80
  ssl encryption rc4-md5
  ssl trustpoint TP-self-signed-1879941380
  inservice
  webvpn context TAM-SSL-VPN
  title "title"
  logo file titleist_logo.jpg
  secondary-color white
  title-color #CCCC66
  text-color black
  login-message "RESTRICTED ACCESS"
  policy group policy_1
     functions svc-enabled
     svc address-pool "sat-ipsec-vpn-pool"
     svc default-domain "domain.com"
     svc keep-client-installed
     svc split dns "domain.com"
     svc split include 10.0.0.0 255.0.0.0
     svc split include 192.168.0.0 255.255.0.0
     svc split include 172.16.0.0 255.240.0.0
     svc dns-server primary 10.20.30.20
     svc dns-server secondary 66.196.216.10
  default-group-policy policy_1
  aaa authentication list ciscocp_vpn_xauth_ml_1
  gateway gateway_1
  ssl authenticate verify all
  inservice
  end

  Hi,
  I didnt see anything marked with red in the above? (Atleast when I was reading)
  I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
  But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
  There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
  - Jouni

• ASA 5505 how to create a port forwarding rule

  ASA 5505 IOS ver 9.2.3
  I need to create a firewall rule that will allow internal services to be accessed externally, but using port forwarding. For example I'd like to enable access to our NAS via ftp external on port 1545 and then have the ASA forward the request to the NAS internally on port 21.
  I tried these commands but they didn't work:
  object network NAS
  host 192.168.2.8
  nat (inside,outside) static interface service tcp 21 1545
  access-list NASFTP-in permit tcp any object NAS eq 1545
  conf t
  int vlan 2
  access-group NASFTP-in permit tcp any object NAS eq 1545
  I really appreciate the help everyone.

  try this, it worked for me, here is an example of adding a webserver with a ip of 10.10.50.60  and naming it with a object named www-server and forwarding port 80 , the way it works is you need to do three things, u need to "nat it" "foward it" and allow it in "acl"
  object network obj-10.10.50.60-1
  host 10.10.50.60
  nat (inside,outside) static interface service tcp 80 80
  object network INSIDE
  nat (inside,outside) dynamic interface
  object network WWW-SERVER
  nat (inside,outside) static interface service tcp 80 80
  access-list Outside_access_in extended permit tcp any object WWW-SERVER eq 80
  access-group Outside_access_in in interface Outside