WAN - LAN -> NAT Inside

mauric (Level 1)

Hello

I have a little ZBF running and I want to use NAT to translate port 3389 to an inside machine.

I tried with:

ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.21 3389 198.168.1.1 3389 extendable

access-list 10 permit 192.168.1.0 0.0.0.255

WAN - FA0/0 public address leased from the ISP
LAN - FA0/1 192.168.1.1 to 192.168.1.21 3389

But port 3389 isn't reachable from the world. Sorry, have I forgotten a route?

Regards
Mauri

11 Replies

Hello

Can you post your ZBF config also?

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul

I have only deleted the passwords from this config!

Regards

Mauri

Hello

I don't see an ip default route; have you not posted it, or don't you have one?

ip route 0.0.0.0 0.0.0.0 fa0/0 dhcp

res

paul


Hello Paul

First thanks for your fast answer.

But why do I need this, when all my other clients are running without any problems? Can you possibly answer this for me?

Or is this needed if I use NAT?

Thanks for feedback.

Regards

Mauri

Hello

It's required to allow your router to forward traffic from your internal LAN towards the WAN/Internet, and for NAT to be able to translate your non-routable LAN address range to a routable address range.

res

paul


Hello Paul

OK, I added this line to my system:

  ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp

But nothing has changed; please, what wonder do we have to do now?
I only want my internal machine on IP :3389 to be reachable from outside.
Best regards
Mauri

Default route needed to be configured as Paul Driver suggested.

Your port forward statement is not written properly for WAN access:

ip nat inside source static tcp 192.168.1.21 3389 198.168.1.1 3389 extendable

It is supposed to be (if the destination host for port forwarding is 192.168.1.21):

ip nat inside source static tcp 192.168.1.21 3389 interface fa0/0 3389 extend

I have also tried to add the following, but this does not appear...
Please, with which command can I check what is running or not?

conf t
class-map type inspect match-any www
 match access-group 100
class-map type inspect match-any RDP
 match access-group 100


policy-map type inspect Internet_to_Trusted
 class type inspect RDP
  inspect
 class type inspect www
  inspect
 class class-default
  drop

Scanning public IP
    - 0080 OPEN - Web-Server
    - 3389 OPEN - MS Terminal Services

Regards

Mauri

Hello

You'll also require an ISP-Trusted rule to allow RDP to be initiated from the outside of your network.

Try this:
no policy-map type inspect Trusted
no class-map type inspect match-any ICMP

access-list 100 permit tcp any any eq 3389

class-map type inspect match-any RDP
 match access-group 100

policy-map type inspect ISP-Trusted
 class type inspect RDP
  inspect
 class class-default
  drop

zone-pair security ISP-LAN source ISP destination Trusted
 service-policy type inspect ISP-Trusted

ip nat inside source static tcp 192.168.1.21 3389 interface FastEthernet0/0 3389


res
Paul

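The pieces discussed across this thread (default route, interface-bound static NAT, one ACL per class-map, and an ISP-to-Trusted inspect policy) put together in a single IOS configuration, as an added example rather than Paul's or Mauri's posted config. It assumes FastEthernet0/0 is the DHCP-addressed WAN interface in zone ISP, FastEthernet0/1 is the LAN in zone Trusted, the RDP host is 192.168.1.21, and an inside web server at 192.168.1.20 (constructed); 203.0.113.0/24 is a placeholder for the admin networks allowed to reach RDP, since exposing 3389 to `any` is a far larger risk than restricting it to known sources.

```cisco
! Zones and interface membership
zone security ISP
zone security Trusted
!
interface FastEthernet0/0
 description WAN - address leased from ISP
 ip address dhcp
 ip nat outside
 zone-member security ISP
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 zone-member security Trusted
!
! Default route via the gateway learned from DHCP on the WAN interface
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
!
! Outbound overload NAT plus port forwards bound to the interface, not to a
! fixed address, because the WAN address changes with the DHCP lease
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.21 3389 interface FastEthernet0/0 3389
ip nat inside source static tcp 192.168.1.20 80 interface FastEthernet0/0 80
!
! One ACL per service. Destination is left as "any" because the zone-pair
! policy is evaluated after inbound NAT, so it sees the inside address.
! 203.0.113.0/24 is a placeholder for trusted management networks.
access-list 100 permit tcp 203.0.113.0 0.0.0.255 any eq 3389
access-list 101 permit tcp any any eq www
!
class-map type inspect match-any RDP
 match access-group 100
class-map type inspect match-any www
 match access-group 101
!
policy-map type inspect ISP-Trusted
 class type inspect RDP
  inspect
 class type inspect www
  inspect
 class class-default
  drop
!
zone-pair security ISP-LAN source ISP destination Trusted
 service-policy type inspect ISP-Trusted
!
! Outbound: the LAN may initiate TCP/UDP/ICMP; inspect tracks the return traffic
class-map type inspect match-any LAN-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect Trusted-ISP
 class type inspect LAN-OUT
  inspect
 class class-default
  drop
!
zone-pair security LAN-ISP source Trusted destination ISP
 service-policy type inspect Trusted-ISP
!
! Verification:
!   show ip nat translations
!   show zone-pair security
!   show policy-map type inspect zone-pair sessions
```

A port scan reporting 3389 as open only proves the NAT entry exists on the router; `show policy-map type inspect zone-pair sessions` shows whether the ISP-LAN policy actually built a session for the connection, and a hit counter only on `class-default` means the packet was dropped by the firewall rather than lost in routing. If 192.168.1.21 does not use 192.168.1.1 as its gateway, the reply never comes back through the NAT, which looks the same from outside.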

Hello Paul

Thanks for your help and answer, but unfortunately it's not running. I have also made some changes, but the page that I need isn't visible; after checking my IP from the router, port 3389 seems open.

Scanning public IP
    - 0080 OPEN - Web-Server
    - 3389 OPEN - MS Terminal Services

But the page does not appear.

Possibly a routing problem?

What I have also read is that if you implement any ZBF you don't need to set any ACL, but I'm not sure at this moment. I'm happy for any help!

Regards

Mauri

Hello

If you need to allow traffic from outside to initiate connections, then you need a rule to allow this.

ZBF does support ACLs, and in fact I don't think you can match on 3386 any other way.

The config I posted should work; however, for testing, remove ZBF from the WAN and LAN interfaces and just test the NATting instead.

int fa0/0
no zone-member security ISP

int fa0/1
no zone-member security Trusted

res
Paul
