01-19-2013 04:33 PM - edited 03-04-2019 06:46 PM
Hello, I am fairly new here; this is my first post. I have been trying to tackle this issue on my own to no avail. I have a Cisco 1921 to replace our current router, which is constantly freezing. We have a couple of inside servers; one is a web server and application server which needs to be RDP'd to by a couple of clients outside of our network. I cannot get this to work no matter what. I know it's not the server's setup, as when I plug the network back into the old router, it works just fine.
All clients have access to the internet, and I can successfully ping/resolve hosts from both the router and a connected client computer. I cannot, however, RDP using either our public IP or our hostname. The hostname does resolve to our ISP-assigned IP, but the server cannot be contacted, leading me to believe this is a NAT issue. My config file is below. Any help would be greatly appreciated. THANKS!
Current configuration : 4643 bytes
!
! Last configuration change at 00:18:20 UTC Sun Jan 20 2013 by ***Admin
version 15.1
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname ***Office_Local
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 /x.XXZBXS7rpLl3dj39.iDAFlt5lGcjTiUlUCQucW3U
!
no aaa new-model
!
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool LAN
network 10.1.1.0 255.255.255.0
domain-name *****************.com
dns-server ***.***.***.2 ***.***.***.250
default-router 10.1.1.1
!
!
no ip bootp server
ip name-server ***.***.***.2
ip name-server ***.***.***.250
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-810841858
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-810841858
revocation-check none
rsakeypair TP-self-signed-810841858
!
!
crypto pki certificate chain TP-self-signed-810841858
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38313038 34313835 38301E17 0D313231 30323932 31303732
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3831 30383431
38353830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C925E5CB 784751A9 A03B0B5E 42B3AECA 7C04F3B3 29C06A3C 6CD3DC9C D842304F
A99358BF 461F2019 4CF44369 1F463CAB 35FCFCCE 9FC3A5CC AD42EE14 83069FB2
2AC82A69 146C265F 1595C4EA DF81AD83 4751A2DA A164ACFC 0FE36ED3 44544D66
22E425A2 AC80DCC5 10ADC41A E2C4F4EE B98651C4 FB44FB1F 565B31C0 ACD82315
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014D1 367C56F0 E54B0E34 3CEDE18B DB7D5262 8D57ED30 1D060355
1D0E0416 0414D136 7C56F0E5 4B0E343C EDE18BDB 7D52628D 57ED300D 06092A86
4886F70D 01010505 00038181 006783F1 F2A10C59 F13EBE29 9BD17BB3 0D3138C5
7664CD13 73E655BC DBC9C90E 8426D481 44E9D3E7 770EED7A 2AC09C70 467B06BD
01F00AF9 4C94BA64 57DB99CC BCA9B746 6F49631C 3978EFF8 1ECE898C 3DAC8445
068F3674 68C10BDC 830729AA 995C493C FA52EC6E 1EBE7F27 D04BD8B8 80F8DB1B
E7C1D8E9 5C897E14 F40ABDE1 B9
quit
license udi pid CISCO1921/K9 sn FGL16442155
!
!
username ***Admin privilege 15 secret 4 /x.XXZBXS7rpLl3dj39.iDAFlt5lGcjTiUlUCQucW3U
username admin privilege 15 secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
redundancy
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address ***.***.***.210 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
!
interface GigabitEthernet0/1
description Internal LAN$ETH-LAN$
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool NAT_LAN ***.***.***.210 ***.***.***.210 prefix-length 30
ip nat pool RTP_FWD 10.1.1.5 10.1.1.5 netmask 255.255.255.0 type rotary
ip nat inside source list 10 pool NAT_LAN overload
ip nat inside source static tcp 10.1.1.181 3389 interface GigabitEthernet0/0 3395
ip nat inside destination list 100 pool RTP_FWD
ip route 0.0.0.0 0.0.0.0 ***.***.***.209
!
access-list 10 remark CCP_ACL Category=18
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=18
access-list 100 permit udp any any range 10000 20000
access-list 100 permit tcp any any eq 3395
access-list 100 permit tcp any any eq 3389
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 5 30
password 7 107C4D0E091815020F55786A
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
01-20-2013 10:42 PM
Hi,
What's the ip address of the RDP server?
It appears that 10.1.1.181 with RDP port 3389 is mapped to the IP of G0/0 with port 3395, while somehow you also configured a destination NAT (normally used for load sharing, but not in this case) to NAT tcp 3389, 3395, and udp 10000-20000 to destination 10.1.1.5.
Regards
Yaoxie
01-20-2013 10:55 PM
Hi,
Can you do this:
no ip nat inside source static tcp 10.1.1.181 3389 interface GigabitEthernet0/0 3395
no ip nat inside destination list 100 pool RTP_FWD
ip nat inside source static tcp 10.1.1.181 3389 interface GigabitEthernet0/0 3389
Also, why did you use a rotary pool?
Regards.
Alain
Don't forget to rate helpful posts.
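To make the overlap that Yaoxie and Alain point at easy to spot mechanically, here is an added Python checker (it is not from this thread and not a Cisco tool). It parses the `ip nat` and `access-list` lines in the exact command forms that appear in the posted config, lists every inside host the configuration ties to an inbound (protocol, port), and flags outside ports claimed both by a static translation and by a destination-list pool. The WAN address 203.0.113.210 is a documentation placeholder standing in for the masked address, the config excerpts are constructed from the posted lines and from Alain's suggested replacement, and the checker deliberately does not model which rule IOS itself would apply first; it only shows that the posted config gives two answers for tcp/3395 and sends tcp/3389 to 10.1.1.5 rather than to the RDP server.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the NAT-relevant lines from the posted config.
# 203.0.113.210 is a placeholder for the masked WAN address.
POSTED_CONFIG = """
ip nat pool NAT_LAN 203.0.113.210 203.0.113.210 prefix-length 30
ip nat pool RTP_FWD 10.1.1.5 10.1.1.5 netmask 255.255.255.0 type rotary
ip nat inside source list 10 pool NAT_LAN overload
ip nat inside source static tcp 10.1.1.181 3389 interface GigabitEthernet0/0 3395
ip nat inside destination list 100 pool RTP_FWD
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 100 permit udp any any range 10000 20000
access-list 100 permit tcp any any eq 3395
access-list 100 permit tcp any any eq 3389
"""

# Constructed excerpt after applying Alain's three commands: the rotary
# destination list is gone and RDP is published on 3389 only.
FIXED_CONFIG = """
ip nat pool NAT_LAN 203.0.113.210 203.0.113.210 prefix-length 30
ip nat inside source list 10 pool NAT_LAN overload
ip nat inside source static tcp 10.1.1.181 3389 interface GigabitEthernet0/0 3389
access-list 10 permit 10.1.1.0 0.0.0.255
"""


@dataclass
class StaticNat:
    proto: str
    inside_ip: str
    inside_port: int
    outside_port: int


@dataclass
class AclEntry:
    proto: str
    lo: int
    hi: int


# Only the command forms seen in the thread are understood; anything else
# (the overload rule, standard ACL 10, interface config) is skipped.
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")
DEST_RE = re.compile(r"^ip nat inside destination list (\d+) pool (\S+)$")
POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) (.*)$")
ACL_RE = re.compile(
    r"^access-list (\d+) permit (tcp|udp) any any (?:eq (\d+)|range (\d+) (\d+))$")


def parse_config(text):
    """Collect static translations, destination lists, pools and extended ACL entries."""
    parsed = {"statics": [], "dest_lists": [], "pools": {}, "acls": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            parsed["statics"].append(StaticNat(m[1], m[2], int(m[3]), int(m[4])))
        elif m := DEST_RE.match(line):
            parsed["dest_lists"].append((m[1], m[2]))
        elif m := POOL_RE.match(line):
            parsed["pools"][m[1]] = {"start": m[2], "end": m[3],
                                     "rotary": "type rotary" in m[4]}
        elif m := ACL_RE.match(line):
            lo, hi = (int(m[3]), int(m[3])) if m[3] else (int(m[4]), int(m[5]))
            parsed["acls"].setdefault(m[1], []).append(AclEntry(m[2], lo, hi))
    return parsed


def inbound_claims(parsed, proto, port):
    """Every inside target the config ties to an inbound (proto, port).

    Returned in config order; IOS's own precedence between rule types is not modelled.
    """
    claims = []
    for st in parsed["statics"]:
        if st.proto == proto and st.outside_port == port:
            claims.append(("static", f"{st.inside_ip}:{st.inside_port}"))
    for acl_id, pool_name in parsed["dest_lists"]:
        for ent in parsed["acls"].get(acl_id, []):
            if ent.proto == proto and ent.lo <= port <= ent.hi:
                pool = parsed["pools"][pool_name]
                hosts = (pool["start"] if pool["start"] == pool["end"]
                         else f"{pool['start']}-{pool['end']}")
                claims.append((f"destination list {acl_id} -> pool {pool_name}", hosts))
                break  # one claim per destination list even if several ACL entries match
    return claims


def find_conflicts(parsed):
    """Static translations whose outside port is also captured by a destination list."""
    conflicts = []
    for st in parsed["statics"]:
        claims = inbound_claims(parsed, st.proto, st.outside_port)
        if len(claims) > 1:
            conflicts.append({"proto": st.proto, "outside_port": st.outside_port,
                              "claims": claims})
    return conflicts


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("fixed", FIXED_CONFIG)):
        parsed = parse_config(cfg)
        print(f"[{label}] tcp/3389 ->", inbound_claims(parsed, "tcp", 3389))
        print(f"[{label}] tcp/3395 ->", inbound_claims(parsed, "tcp", 3395))
        print(f"[{label}] conflicts:", find_conflicts(parsed))
```

Run against the posted excerpt, tcp/3389 resolves only to 10.1.1.5 via the rotary pool (there is no rule sending it to 10.1.1.181 at all), tcp/3395 is claimed twice, and udp 10000-20000 is also swept into the rotary pool. Against the fixed excerpt every inbound port has at most one claim, which is the property worth asserting in any change review of a NAT edge device.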