День добрый.
Помогите пожалуйста советом, очень хочется настроить проброс портов на древней домашней циске 851. подключаются клиенты к ней в основном по wi-fi, и все работает вроде бы хорошо. Извне могу к ней подключаться по телнету и ssh, но хочется заходить на внутренние машины по rdp(порт 3389).
вот такой конфиг использую:

Current configuration : 6426 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
clock timezone ZP4 4
!
crypto pki trustpoint TP-self-signed-4289336737
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4289336737
revocation-check none
rsakeypair TP-self-signed-4289336737
!
!
crypto pki certificate chain TP-self-signed-4289336737
certificate self-signed 01

        quit
dot11 syslog
!
dot11 ssid HomeNet
   vlan 1
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 XXXXX
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.115 192.168.0.255
!
ip dhcp pool netpool
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease 0 2
!
ip dhcp pool STATIC-RASPBMC
   host 192.168.0.105 255.255.255.0
   client-identifier 0144.334c.6c1e.71
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-MYPC
   host 192.168.0.100 255.255.255.0
   client-identifier 01b8.a386.0858.fe
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-TV
   host 192.168.0.101 255.255.255.0
   client-identifier 0100.1eb8.0af9.1b
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-NOKIA
   host 192.168.0.103 255.255.255.0
   client-identifier 01ac.81f3.880b.09
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-HTC
   host 192.168.0.106 255.255.255.0
   client-identifier 01d4.206d.7f8c.1f
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-FATHER
   host 192.168.0.107 255.255.255.0
   client-identifier 01ac.f1df.0503.f1
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-JIAYU
   host 192.168.0.104 255.255.255.0
   client-identifier 0100.0822.434e.50
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
ip dhcp pool STATIC-KOSTIK
   host 192.168.0.102 255.255.255.0
   client-identifier 0190.a4de.8eed.42
   default-router 192.168.0.254
   dns-server 95.107.47.14 95.107.47.4
   lease infinite
!
!
ip cef
no ip domain lookup
ip name-server 95.107.47.14
!
!
!
username Gnom privilege 15 secret 5 XXXX
!
!
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dot11Radio0
no ip address
ip virtual-reassembly
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key vlan 1 change 45
!
!
ssid HomeNet
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip nat inside
ip virtual-reassembly
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $FW_INSIDE$
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no keepalive
ppp authentication chap callin
ppp chap hostname XXX
ppp chap password 0 XXX
ppp ipcp dns request
hold-queue 1024 in
!
interface Dialer1
no ip address
!
interface BVI1
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
arp log threshold entries 1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.100 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.100 3389 95.XX.XX.XX 3389 extendable
!
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

спасибо всем откликнувшимся)