port forward help for remote desktop

Katsikantais
Level 1

Hello,

I'm having a problem with port forwarding for remote desktop.

My Cisco 2801 is connected as the 2nd router. FE0/0 is my WAN
and FE0/1 is my local.

On the main 1st router I have ports 3389 (for remote desktop)
and 23 (for accessing the Cisco) forwarded to the Cisco WAN IP (fe0/0).

Trying to connect to the Cisco with telnet on port 23 works OK,

but remote desktop doesn't.

Here is my config....

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret xxxxxxxxx
enable password xxxxxxxx
!
no aaa new-model
clock timezone UTC 2
no network-clock-participate wic 1
ip source-route
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
username xxxxx password xxxxxxx
archive
log config
hidekeys
!
!
controller E1 0/1/0
shutdown
!
!
!
!
!
interface FastEthernet0/0
description wan.interface
ip address 172.xx.xx.xx 255.255.255.0
ip nat outside
ip virtual-reassembly
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
description local.interface
ip address 192.xx.xx.xx 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
half-duplex
no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.xx.xx.xx
!
!
no ip http server
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.xx.xx.xx 3389 interface FastEthernet0/0 3389
!
ip access-list extended no_telnet
deny tcp any any eq telnet
!
access-list 10 permit 192.xx.xx.xx 0.0.0.255
access-list 100 deny icmp any any echo
access-list 100 permit ip any any
disable-eadi
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
login local
!
scheduler allocate 20000 1000
ntp source FastEthernet0/0
end

Can you please tell me what the problem is with my 2801 config?

Thank you.

23 Replies

Hello

Your static NAT statement is fine. However, this static NAT statement doesn't need to be included in the generic overload NAT statement, so negate that host from the access list.

access-list 10 deny host 192.xx.xx.xx
access-list 10 permit 192.xx.xx.xx 0.0.0.255

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi,

Thanks for the reply. I got confused. What rules do I need to change, please?

thanks

Hello,

what happens if you change your static NAT entry to:

ip nat inside source static tcp 192.xx.xx.xx 3389 172.xx.xx.xx 3389 extendable

That means, if you use the outside interface IP address ? Include the 'extendable' keyword as well...

hi,

I change the static nat to

ip nat inside source static tcp 192.xx.xx.xx (IP of the PC I'm trying to connect to) 3389 172.xx.xx.xx (WAN IP of the 2801) 3389 extendable

but didn't work...:(

Thanks for the reply.

Hello

As I stated, you didn't need to change your static NAT statement; it was okay as it was.

As long as the device you're trying to connect to is open on port 3389, all you need to do is change the access list to negate that host from being read.

no access-list 10

access-list 10 deny host 192.xx.xx.xx ( this is the device you need to RDP to)

access-list 10 permit 192.xx.xx.xx 0.0.0.255

Lastly, fa0/1 is set to H/D; this is incorrect. You should set it to either autonegotiate or manually set the correct speed and full duplex.

res

paul

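A small check for the overlap Paul describes, written as an added example for this thread (it is not the poster's or Cisco's code): it reads the `ip nat inside source` and `access-list` lines, applies Cisco first-match ACL semantics with the implicit deny, and reports any static-NAT inside host that the overload ACL still permits. The addresses are constructed from the values given later in the thread (LAN 192.168.100.0/24); the RDP host 192.168.100.10 and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample, not the poster's redacted config: LAN 192.168.100.0/24 as
# given later in the thread; the RDP host 192.168.100.10 is an assumed placeholder.
ORIGINAL_CFG = """
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.100.10 3389 interface FastEthernet0/0 3389
access-list 10 permit 192.168.100.0 0.0.0.255
"""
# The same config with Paul's deny-host entry inserted ahead of the permit.
FIXED_CFG = ORIGINAL_CFG.replace(
    "access-list 10 permit", "access-list 10 deny host 192.168.100.10\naccess-list 10 permit")

STATIC_RE = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) ")
OVERLOAD_RE = re.compile(r"^ip nat inside source list (\d+) .* overload$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (?:host (\S+)|(\S+) (\S+))$")

def acl_entries(cfg, number):
    """Standard ACL entries in order as (action, network); ipaddress reads the wildcard as a hostmask."""
    entries = []
    for line in cfg.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) != number:
            continue
        action, host, net, wild = m.groups()[1:]
        if host:
            entries.append((action, ipaddress.ip_network(host + "/32")))
        else:  # strict=False tolerates a host address typed where the network address belongs
            entries.append((action, ipaddress.ip_network(f"{net}/{wild}", strict=False)))
    return entries

def first_match(entries, addr):
    """Cisco ACL semantics: the first matching entry wins, implicit deny at the end."""
    for action, net in entries:
        if addr in net:
            return action
    return "deny"

def nat_overlap_findings(cfg):
    """Static-NAT inside hosts that an overload (PAT) ACL still permits."""
    lines = [l.strip() for l in cfg.splitlines()]
    overload_acls = [m.group(1) for m in map(OVERLOAD_RE.match, lines) if m]
    findings = []
    for m in filter(None, map(STATIC_RE.match, lines)):
        host = ipaddress.ip_address(m.group(1))
        for acl in overload_acls:
            if first_match(acl_entries(cfg, acl), host) == "permit":
                findings.append(f"{host}:{m.group(2)} also matches overload access-list {acl}")
    return findings
```

The check also accepts the accepted-solution form of the static entry (explicit outside address plus `extendable`), since only the inside host and port are read. A wildcard of 0.0.0.0 is ambiguous to `ipaddress` (it is taken as a /0 netmask), so write single-host entries with the `host` keyword.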

Hello,

I did what you suggested but no luck.

I started all over to check the settings.
I connected the server to the first router and remote desktop is working. So port
forwarding on the first router is OK.
Connected it back to the Cisco 2801 and it's not working. I can't think of anything else to do.

thanks

Hello,

in your original post you say:

My Cisco 2801 is connected as 2cd router. FE0/0 is my wan
and FE0/1 in my local.

Is the Cisco the Internet edge device, that is, is:

interface FastEthernet0/0
description wan.interface
ip address 172.xx.xx.xx 255.255.255.0
ip nat outside

What is connected to FastEthernet0/0, and what to FastEthernet0/1 ?

Hello,

I'll try to explain.

My 1st router is a Mikrotik and it's connected to the internet.
Its local LAN IP is 172.50.50.1 with mask 255.255.255.0.

The Cisco 2801 is connected to the Mikrotik from FastEthernet0/0
with static IP 172.50.50.2 and mask 255.255.255.0.
FastEthernet0/1 is the 192.168.100/24 LAN, which is where the server
I'm trying to access with remote desktop is.

Also I did a packet trace with a sniffer. It seems that I send packets from the Mikrotik to the 2801 but I don't get a response, if that helps.

thanks

Hello,

if your Mikrotik is the Internet router, you are dealing with double NAT. Is there a requirement to NAT at all on the Cisco ?

Hi,

I can't NAT all on the Cisco.

I use mikrotik to offer free wifi to customers with hotspot
and I use cisco to give internet to offices.

thanks

Hello,

what I meant was to not use NAT at all on the Cisco, and to just add the internal Cisco network to the addresses that need to be translated on the Mikrotik. Is that an option ?

Thanks for help guys,

I'll try to check the Mikrotik first to see if everything is OK, and I'll try to use another router instead of the Cisco to test everything from the beginning.

I will post results when I have something new.

Thanks

Hello,

I am just thinking, why don't you connect the Mikrotik to the Cisco and just add the IP address range of the Mikrotik to the to-be-NATted addresses on the Cisco ? Then connect the Cisco directly to the Internet, that way you avoid the double NAT. 

Is that physically possible ?

Hi,

I can't do that. We get internet over a fibre cable from our ISP and it's plugged directly into the Mikrotik's fibre port.

The Mikrotik offers internet with a hotspot to customers. I only want to use the Cisco to give internet to our offices (different network and subnet) and secure it so no customer can do anything. Like an extra layer of security.

I also tried an old Draytek router that I had, but no luck, so I need to fix the NAT rules in both routers.

thanks