Static NAT and PAT (port forwarding)
NOTE: This particular config was done on a Cisco 877 ADSL / DSL router however its known to work on the Cisco 800 series routers in general including the Cisco 827 Cisco 837 Cisco 877W the Cisco 1720 Cisco 1721 Cisco 1750 series and the CIsco 1600 series
Right so you have setup your Cisco DSL (or you only have one IP address from your ISP) and you have setup your DynDNS so that you can connect to the router. But now you what’s next?
Well the usual next step, and probably the whole reason you did this in the first place is so that you can connect to the server from the outside world for a web server or a mail server. or some thing similar.
The basic principal is that the connection is made in from the dialer interface (the external address) and passed to the internal address on a matching port.
There is a limitation to this though, if you have two web servers both listing for traffic on port 80 but only one external address you are going to run into a problem you would have to change the port numbers that the server listens on for instance from 80 to 8080 on the second server.
However you can have multiple servers doing different things in the example below there are 2 servers one (10.0.0.2) is a mail and web server and the other is VPN box running pptp
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
router# conf t
router (config)#ip nat inside source static tcp 10.0.0.2 25 interface dialer 1 25
router (config)#ip nat inside source static tcp 10.0.0.2 21 interface dialer 1 21
router (config)#ip nat inside source static tcp 10.0.0.2 443 interface dialer 1 443
router (config)#ip nat inside source static tcp 10.0.0.2 80 interface dialer 1 80
router (config)#ip nat inside source static tcp 10.0.0.2 110 interface dialer 1 110
router (config)#ip nat inside source static tcp 10.0.0.3 1723 interface dialer 1 1723
router (config)#ip nat inside source static udp 10.0.0.3 1723 interface dialer 1 1723
Once you have done this, you can easily test this by connecting from the outside to your mailserver
telnet my-test-thing.dyndns.org 25
Connected to my-test-thing.dyndns.org.
Escape character is '^]'.
220 Mail Server Ready
The exact same thing can be used with a Static IP address some providers like to assign a /31 address which will leave you with one usable IP so instead of using "interface Dialer 1" you can use the static address
ip nat inside source static tcp 10.0.0.2 3389 188.8.131.52 3389 extendable
ip nat inside source static tcp 10.0.0.2 443 184.108.40.206 443 extendable
ip nat inside source static tcp 10.0.0.2 21 220.127.116.11 21 extendable
This will obviously not work for a dynamically assigned address for that you would have to use the first example
I hope this helps someone.