12-07-2012 10:31 AM - edited 03-11-2019 05:34 PM
We have an ASA at a remote location that gets a dynamic address through a DSL connection. We just put a camera system out there, and the owner wants to be able to see the video inside or outside this facility from his phone. We have configured the dynamic IP through no-ip.com, so there isn't a problem getting access to the cameras externally. However, when access the camers from inside the network through the wi-fi, the phone attempts to access the cameras through its no-ip address, and the firewall prevents this. The following commands don't help any:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
I can't set up dns doctoring, as we only have the one IP and port forwarding is configured. Does anyone have a solution for this? Thanks
12-09-2012 11:14 PM
is there any possibility of setting 2 profiles on the phone for the camera? one with the no-ip.com, and the other with the private ip address. So when he is inside the network, he would click on the inside profile, and when he is outside, he would use the no-ip.com profile?
or, does he have an internal dns server where you can setup the no-ip.com to resolve to the inside address when he is inside the network?
unfortunately since you only have one ip and assuming that it is the outside ASA address, then dns doctoring would not work.
12-10-2012 08:04 AM
That is certainly possible, and it's the way we have it set up in the interim. However, this is a very nontechnical user, and he is having problems remembering to switch between the two when he comes in the office.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide