https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250040#M838098 <P>Hi,</P><P></P><P> </P><P>I ran into a weird problem today. I am setting up ASA for a retail company. all the sales locations has ASA5505 version 7.2. A q-see webcam system is installed in each location. a manager at any location can monitor any remote one. the camera system is web based and uses the default port 80, connected directly to the Internet and is assigned a real IP address. Once a manager type in a camera address in his IE, he is prompt to enter his user name and password. Usually this is a straigh forward operation until I installed the ASA. Now, nothing</P><P></P> Mon, 11 Mar 2019 16:21:11 GMT zack 2019-03-11T16:21:11Z https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250040#M838098 <P>Hi,</P><P></P><P> </P><P>I ran into a weird problem today. I am setting up ASA for a retail company. all the sales locations has ASA5505 version 7.2. A q-see webcam system is installed in each location. a manager at any location can monitor any remote one. the camera system is web based and uses the default port 80, connected directly to the Internet and is assigned a real IP address. Once a manager type in a camera address in his IE, he is prompt to enter his user name and password. Usually this is a straigh forward operation until I installed the ASA. Now, nothing</P><P></P> Mon, 11 Mar 2019 16:21:11 GMT https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250040#M838098 zack 2019-03-11T16:21:11Z https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250041#M838100 <HTML><HEAD></HEAD><BODY><P>I believe that q-see may require additional port for authentication.</P></BODY></HTML> Wed, 30 Sep 2009 07:06:46 GMT https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250041#M838100 scudderconsulting 2009-09-30T07:06:46Z https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250042#M838102 <HTML><HEAD></HEAD><BODY><P>I hope, you would have connected the web camera to the inside interface and the outside interface to the outside world. </P><P></P><P>If that is so, have you configured an ACL to allow port 80 inbound to the outside interface. </P><P></P><P>Also, you have mentioned that is using real IP address. </P><P></P><P>You need to configure a static rule that translates to the same real IP address.</P><P></P></BODY></HTML> Wed, 30 Sep 2009 08:46:47 GMT https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250042#M838102 kicharle 2009-09-30T08:46:47Z https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250043#M838105 <HTML><HEAD></HEAD><BODY><P>Hi Kicharle,</P><P>The cameras are connected directly to the internet and assigned a real IP adderss. I have no control over the way they are setup. managers used to authenticate correclty before I installed the ASA, now, when they try to connect, they still get the prompt for a user name and password but nothing happens after. I guess the ASA is blocking the reply from the camreas. here is the log</P><P></P><P></P><P>6 Sep 26 2009 20:10:07 302014 CameraLA4 TSinside Teardown TCP connection 4850 for outside:CameraLA4/80 to inside:TSinside/1476 duration 0:00:00 bytes 1850 TCP FINs </P><P></P><P></P><P> </P><P>6 Sep 26 2009 20:10:07 302013 CameraLA4 TSinside Built outbound TCP connection 4851 for outside:CameraLA4/80 (CameraLA4/80) to inside:TSinside/1477 (76.x.x.1/4175) </P><P></P><P></P><P> </P><P>6 Sep 26 2009 20:10:07 302013 CameraLA4 TSinside Built outbound TCP connection 4851 for outside:CameraLA4/80 (CameraLA4/80) to inside:TSinside/1477 (76.x.x.1/4175) </P><P></P><P></P><P> </P><P>6 Sep 26 2009 20:10:07 305011 TSinside 76.x.x.1 Built dynamic TCP translation from inside:TSinside/1477 to outside:76.x.x.1/4175 </P><P></P><P></P><P> </P><P>Any ideas?</P><P></P></BODY></HTML> Thu, 01 Oct 2009 00:53:10 GMT https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250043#M838105 zack 2009-10-01T00:53:10Z https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250044#M838107 <HTML><HEAD></HEAD><BODY><P>Hi scudderconsulting </P><P>you are right, it requires port TCP 2000 for video stream. but still, the camera is not behind any firewall. it's assigned a real IP. The client is behind a firewall.</P></BODY></HTML> Sat, 03 Oct 2009 05:25:40 GMT https://community.cisco.com/t5/network-security/authenticate-to-a-website-from-behind-asa/m-p/1250044#M838107 zack 2009-10-03T05:25:40Z