Thanks Richard

"If you use PAT then you might only have one Public address, then say you want access to port 80 on the host then perhaps you would translate that to port 5580 for example, so would be a NAT translating Host tcp 80 to Internet tcp 5580. so from outside you would connect to Internet port 5580 that would get you to your host."

This assumes initiating contact from the outside?  How would the initiating host know that outside internet address port 5580 translates to internal port 80?  Wouldn't the outside host send out a packet with an 80 port since that is the commonly used port for an application?

Or does you scenario involve initiating contact from the inside only?

Unless I'm missing something, it seems that contact can only be initiated from outside if you have public static IP addresses mapped to different internal devices?

Thanks for any help?

Adam

Ok that was just an example, if you use standard web access on port 80 then the static translation would only go to the host you configured with the static nat so it would be  Host tcp 80 translate to Internet tcp 80. This ok if you only have one host you need to contact on port 80, if you had multiple hosts then you would have to do a port translation as my first example to distinguish between hosts.

Or does you scenario involve initiating contact from the inside only? << No

Unless I'm missing something, it seems that contact can only be initiated from outside if you have public static IP addresses mapped to different internal devices? << No it works both ways 

So I'm picturing traffic coming from the outside going into the private network.  Someone on the public internet wants to access a web page on my server in my private network.  They initate contact.  So their host sends out a packet with port 80 to the web address of my gateway.  The packet get's to the gateway.  How does the gateway know which of the servers on my private network to send the traffic to.  No static NAT translations because there is one public address to the gateway.  You can't say any traffic received with port 80 PAT's to server A because some needs to go to server A and some needs to go to server B.

Does my example make sense?

Please look at this old example below, change the BVI interface to your interface.and PUblic address to your public address

In this example only one http server, so can translate the public address port 80 to the inside host port 80. But if you have more than one host using port 80 then the Internet user would have to connect to a different port( say 8080) for the second host which would be translated to port 80 of the second host, so in example below if we had another web host running different apps using port 80 say ip 192.168.0.6

then the NAT statement for that would be 

ip nat inside source static tcp 192.168.0.6 80 171.68.1.1 8080 extendable 

Current Configuration:
! 
version 12.1
service timestamps debug uptime
service timestamps log uptime
!
hostname 827
!
ip subnet-zero
no ip domain-lookup
!
bridge irb
!
interface Ethernet0
ip address 192.168.0.254 255.255.255.0
ip nat inside

!--- This is the inside local IP address and it is a private IP address. 

!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
!
bundle-enable
dsl operating-mode auto 
bridge-group 1
!
interface BVI1
ip address 171.68.1.1 255.255.255.240
ip nat outside

!--- This is the inside global IP address. !--- This is your public IP address and it is provided to you by your ISP.

!
ip nat inside source list 1 interface BVI1 overload

!--- This statement makes the router perform PAT for all the !--- End Stations behind the Ethernet interface that uses !--- private IP addresses defined in access list #1.

ip nat inside source static tcp 192.168.0.5 80 171.68.1.1 80 extendable 

!--- This statement performs the static address translation for the Web server. !--- With this statement, users that try to reach 171.68.1.1 port 80 (www) are !--- automatically redirected to 192.168.0.5 port 80 (www). In this case !--- it is the Web server.

ip classless
ip route 0.0.0.0 0.0.0.0 171.68.1.254

!--- IP address 171.68.1.254 is the next hop IP address, also !--- called the default gateway. !--- Your ISP can tell you what IP address to configure as the next hop address.

!
access-list 1 permit 192.168.0.0 0.0.0.255

!--- This access list defines the private network !--- that is network address translated. 

bridge 1 protocol ieee 
bridge 1 route ip 
!
end

Richard,

I get how the NAT table can be set up so that the internet user trying to reach 171.68.1.1 port 80 can be redirected to 192.168.0.5 port 80.  I get that if there was a second web server you could set your NAT table to take 171.68.1.1 port 8080 and direct that to port 192.168.0.6 port 80

What I am still not clear on is how the internet user that wants to connect to server at 192.168.0.6 port 80 would know to send out a message saying they wanted to connect to 171.68.1.1 port 8080 instead of port 80. Because 80 is the default for HTTP.  So the internet user would somehow have to know to connect to 171.68.1.1 at port 8080 instead of 80 to get to the correct server.  How would they know how to do that?

Thanks

Adam

there lies the problem! the user would need to know to connect to port 8080 for that server for example "www.myserver.com:8080"

Thanks to both of you for your help.  I belive I understand now.