I have a feeling there is a fairly simple answer to my problem. I have a Server 2003 machine with Routing and Remote Access enabled. The machine has two network cards, one set to an internal IP(192.168.1.1) and one with an external IP(66.123.456.789). I have a number of ports open on the external NIC that are routed to internal IP addresses. For example, I may have port 9090 routed to IP 192.168.1.5. If I am on the internal network and I try to go to 66.123.456.789:9090 it will not work. However, if I am outside the internal network, say working from home, and I hit 66.123.456.789:9090 it will work. So basically I need a way for internal users to be able to hit our external firewall IP address with a port number and have it route properly. Right now we are getting by using the internal IP address and port (192.168.1.5:9090) but I really need internal users to be able to use 66.123.456.789:9090. Any advice or direction would be appreciated. Thanks.

I'm not sure I understand why you would "need" users to hit the firewall and be port forwarded to an internal resource. As a rule of thumb, you use the internal address (or name) to access internally. My advice is keep it the way it is because what you're attempting to do is make users go out from inside, then come back in again.....which doesn't make much sense.

The main reason for this is for an application I am using. WinCVS is an app that associates an IP address to files/folders. I have users outside the LAN and inside the LAN who use WinCVS. The IP address associated with each file/folder must be the same for all users to have access. Therefore, I need users on the inside to use a public IP so the outside users can also have access. Not sure what your familiarity with this app is, it is an open source versioning system using for developers. I was originally using a basic home user Linksys router which allowed internal users to use the public address. I assumed Server 2003 could do the same. I really need this to work in this senario.

Hmmmm....that does present an interesting case. I have no experience with WinCVS but at least now I do understand why you need to set it up the way you're talking about. I've never tried to do something similar myself but it seems to me that if your internal clients are using the external IP with port, it should work for them unless the internal facing side of the firewall is blocking it somehow. I would definately check through your firewall settings and see. Hopefully someone else who's had to deal with a similar issue will come along and give you a more definite idea on what to do to make this happen.

Hi You can resolve it like the following. You NAT the Internal IP with the public IP address. Allow the internal user through the internal IP and external user with external IP. When you open up port you just open port for the internal IP since it is NAT with external IP. With regards, http://www.salem-radha.com

"I have a number of ports open on the external NIC that are routed to internal IP addresses. For example, I may have port 9090 routed to IP 192.168.1.5." I agree that you nat in ras but the statement above seems to suggest that you already are trying to nat. Are you sure the nat is setup both ways and with all the correct ports and protocol types?

Yes, I am allowing CVS remote user by doing like this. http://www.salem-radha.com