Dear Pawan,

Thank you very much for your reply.

Please check my running-config file below

TPRouter#show running-config
Building configuration...

Current configuration : 2559 bytes
!
! Last configuration change at 05:02:11 UTC Tue Nov 8 2016
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TPRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 yWnkPLHDYkl1Ah.ZPRnHi5MwJ.h5wEG9bClzy3yaDNQ
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FCZ17379195
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.10.250 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly in
 user-group default tp
 duplex auto
 speed auto
 pppoe enable group global
!
interface GigabitEthernet0/1
 ip address 84.87.120.223 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.10.52 3389 84.87.120.223 3389 extendable
ip nat inside source static tcp 192.168.10.52 7001 84.87.120.223 7001 extendable
ip route 0.0.0.0 0.0.0.0 84.87.120.222 3
ip route 192.168.10.0 255.255.255.0 192.168.10.251
!
access-list 1 permit 192.168.10.52
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 101 deny ip host 192.168.10.51 host 66.220.158.68
access-list 101 permit ip any any
!
!
!
control-plane
!
!
banner motd ^C-----------This is a secure site. Only authorized users are allowed. For access, contact your IT Administrator-----------^C
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 2
transport input all
line vty 3 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Still i am unable to connect through RDP and Web Browser.

can you share sh ip nat translation output

Dear Pawan,

Below is the output of ip nat trans

Pro Inside global      Inside local       Outside local      Outside global
tcp 84.87.120.223:555  192.168.10.52:3389 37.104.229.20:52245 37.104.229.20:52245
tcp 84.87.120.223:555  192.168.10.52:3389 ---               ---
tcp 84.87.120.223:7001 192.168.10.52:7001 37.104.229.20:50340 37.104.229.20:50340
tcp 84.87.120.223:7001 192.168.10.52:7001 37.104.229.20:50341 37.104.229.20:50341
tcp 84.87.120.223:7001 192.168.10.52:7001 ---               ---

My requirement is as follows:

RDP --> 84.87.120.223:555  should connect 192.168.10.52:3389

Web Browser --> 84.87.120.223:7001 should connect 192.168.10.52:7001

As per output nat translation looks correct.

then why i couldn't connect through RDP and web browser

in ip nat trans it is translating but not opening through RDP and web browser

i checked ping test and telnet also both are working

is there anything we have to do settings in servers.

FYI, there windows 2012 R2 STD servers.

This is the server issue. I dont have much for server level troubleshooting

Hello

---

@sammy.douglas157 wrote:

Dear Pawan,
interface GigabitEthernet0/0
 ip address 192.168.10.250 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly in
 user-group default tp
 duplex auto
 speed auto
 pppoe enable group global

interface GigabitEthernet0/1
 ip address 84.87.120.223 255.255.255.0
 ip nat outside
 ip virtual-reassembly in

ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.10.52 3389 84.87.120.223 3389 extendable
ip nat inside source static tcp 192.168.10.52 7001 84.87.120.223 7001 extendable
ip route 0.0.0.0 0.0.0.0 84.87.120.222 3
ip route 192.168.10.0 255.255.255.0 192.168.10.251

access-list 1 permit 192.168.10.52
access-list 1 permit 192.168.10.0 0.0.0.255

access-list 101 deny ip host 192.168.10.51 host 66.220.158.68
access-list 101 permit ip any any

 

Still i am unable to connect through RDP and Web Browser.

---

Pawan is correct with the static pat statements however i do see other possible misconfigurations due to the fact this router looks like its a PPOE client but I dont see any dial pool number on the physical interface to associate with a dialer interface?

I would have expected to see something like the following for a possible working configuration regarding a PPOE client:

no ip route 0.0.0.0 0.0.0.0 84.87.120.222 3
no ip route 192.168.10.0 255.255.255.0 192.168.10.251
no ip nat inside source list 1 interface GigabitEthernet0/1 overload

no access-list 1
access-list 1 permit 192.168.10.0 0.0.0.255

ip nat inside source list 1 interface dailer10 overload

interface GigabitEthernet0/1
no ip address
pppoe-client dial-pool-number 1

interface dailer 10
ip address 84.87.120.223 255.255.255.0
encapsulation ppp
dialer pool 1
ppp authentication chap1
ppp chap hostname TPRoute
ip nat outside

ip route 0.0.0.0 0.0.0.0 dialer 10  84.87.120.222

Sir my local IP is 192.168.210.91 and public IP is 45.64.221.252.Sir I using this command for RDP port forwarding in Cisco router 1900(ip nat inside source static tcp 192.168.210.91 3389 45.64.221.252 3389 expendable). but sir I am not able to access by Remote desktop to other place...pls help me sir

Hello,

post the full config of your router...