Showing results for 
Search instead for 
Did you mean: 

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.


RV325 - Port forwarded but still closed

We have a RV325 ( router behind our TP-Link router (, in a pretty simple setup. 


RV325 is also the DHCP server. Everything works great except that no device in is accessible from outside (Internet). We forwarded all ports that we needed from TP-LINK to RV325, but looks like RV325 is not forwarding any ports to other IPs ( for example)


For this example, we did a PAT the TCP port 3000 to 81 and ran a nmap scan from an external machine:



Nmap scan report for XXXXXXX (XXXXXXXXX)
Host is up (0.22s latency).
3000/tcp closed ppp


TP-Link is certainly not the problem since if we enable PPTP in RV325, it will show the 1723/tcp open


2018-04-17 20_32_59 PuTTY.png


Here is our PAT settings:

2018-04-17 20_37_17-Cisco RV325 Configuration Utility.png


We tried to set firewall permissive access rules or even disable the firewall but to no avail.

Running RV325 on latest firmware, can ping just fine. We just did a factory reset.

Can anyone shed a light?

Firmware Version: v1.4.2.17 (2017-10-30, 15:50:18)

I own a RV220W which doesn't have the Port Address Translation. I use the Forwarding menu to redirects ports to inside IPs.





In RV325, Port Forwarding must be used if you forward the same external and internal port numbers. In order to forward external 3000 to internal 81, you need to use PAT. 


Unfortunately, I tried both Port Forwarding and Port Address Translation, none of them work. I really think my unit is faulty but I can't RMA it yet because we have a site-to-site VPN online. I'll try to downgrade my Firmware. If it doesn't works I'll simply buy other VPN router. And will not be a Cisco because Cisco Small Business support is non-existent.


Thanks for the reply anyway.

This is how I would do it.


In Port Address Translation -> Service Management I would enter


Service name: TCP3000

Protocol: TCP

External Port: 3000

Internal Port: 81


Then I would go to Forwarding and enter


Service: TCP3000

IP Address:

Status: enabled


Can you try that?


PAT AFAIK is used to reserve a port range for a specific internal IP when it goes out the WAN interface. It doesn't open any port.



That didn't work since PAT's Service Management is separated from Port Forwarding Service Management.


Here is the Service Management for PAT:


2018-04-20 10_35_27-Service Management.png2018-04-20 10_35_58-Cisco RV325 Configuration Utility.png



And here is the Service Management for Port Forwarding. In this window, you can't forward port 3000 to 81 only 3000 to 3000:

2018-04-20 10_36_20-Cisco RV325 Configuration Utility.png


I event tried to delete PAT rule and forward ALL inbound traffic (ports 1~65535) to In this case, we would use external port 81, but still shows as "closed".




Do you have an entry in Firewall -> Access Rules like


Enable: yes

Action: Allow

Service: TCP3000

Source Interface: WAN1

Source: Any





I believe that there is only one Service Table but two views into this table. One for the Forwarding menu and one for the PAT menu. So my understanding right now is that you use Firewall -> Access Rules to open ports and Forwarding or PAT to tell the router what to do with the packets.


Does it make sense ?

Yes, I tried to set the firewall to the most permissive mode ever (allowing any traffic) or disable the firewall. 

2018-04-20 11_29_24-Cisco RV325 Configuration Utility.png

In my KIWI SNMP log I see the RV325 ALLOWing traffic but the port remais closed. So looks like something "inside" RV325 is still blocking or not forwarding the traffic correctly.

@randrade86 wrote:
In my KIWI SNMP log I see the RV325 ALLOWing traffic but the port remais closed. So looks like something "inside" RV325 is still blocking or not forwarding the traffic correctly.

Or it could be the firewall on your server. You could capture packets on it via Wireshark and see.


I just ordered a RV325 online. Should be here in max 2 weeks. I'll have a better understanding then.

We disabled firewall entirely.


When we had only the TP-LINK router, it worked flawlessly. Due to business reasons, we needed to add a VPN Router with Site-to-Site capability hence we bought a RV325. VPN Site-to-Site is working great so far but the port forwarding problem is really hurting us because we need our customer to access us from outside.


I hope you have a better experience than I did. Here is our hardware / firmware versions.


2018-04-20 13_03_09-Cisco RV325 Configuration Utility.png


I got my rv325 yesterday. I replicated my rv220w config on it and everything works perfectly.

Here is what I did to replicate my firewall rules.

I will use two cases.

1) I want to open port https on 17443 and redirect it to https 17443 (straight Forwarding)
2) I want to open port ssh on 1722 and redirect it to ssh 22. (Port Address Translation)

For case #1, I created a new service HTTPSf17443 and added a firewall rule then added a forwarding rule.

Firewall -> Access Rules -> Service Management… -> Add
    HTTPSf17443 / TCP / 17443-17443

Firewall -> Access Rules -> Add
    Allow HTTPSf17443 from WAN1 source ANY destination

Setup -> Forwarding -> Add
    HTTPSf17443 / / Enabled

For case #2, I created a new service SSHf1722 and added a firewall rule then added a new Port Address Translation service SSHp1722 and added a Port Address Translation entry

Firewall -> Access Rules -> Service Management… -> Add
    SSHf1722 / TCP / 1722-1722

Firewall -> Access Rules -> Add
    allow SSHf1722 from WAN1 source ANY destination

Setup -> Port Address Translation -> Service Management… -> Add
    SSHp1722 / TCP / 1722 / 22

Setup -> Port Address Translation -> Add
    SSHp1722 / / Enabled

That's it.


I use _protocole_ f _wan_port_ for forwarding services and firewall rules and _protocole_ p _wan_port_ for Port Address Translation services.

Hope it helps.


Thanks for your reply.


That's exactly what I have tried since the beginning. I even tried to factory reset my router and the problem persists.


Unfortunately, looks like my unit is faulty.

Sorry to hear. Did you try to contact Cisco Small Business Service?

Devices have lifetime warranty if the hardware is faulty.






I have the identical problem, attempting to forward to have set up port address translaton 81->81 with the destination IP and also setup fort forwarding. Furthemore, tried each one separately as well as in combination. No luck.



Does it work if you connect your server directly to your service provider? My service provider blocks tcp/80 and tcp/25 maybe yours is blocking tcp/81.


Since you are opening tcp/81 on the router and your server, you should use port forwarding + firewall acl.




This works for me as you can see from the firewall log:


<1>1 2019-06-14T02:44:18.828946-04:00 ALLOW TCP - - - TCP -> on eth1
<1>1 2019-06-14T02:44:18.831877-04:00 ALLOW TCP - - - TCP -> on eth1


Had the same problem on my Rv325, had a cisco engineer confirm my setup was correct & RMA'd the product; upgraded to a rv345 still the same problem; found this on the rv345 thread:


Don't forget to check the settings of your fibre/dsl modem as well.. that's what it turned out to be fore me.