Need guidance on rerouting traffic to public interface from private network

baskervi · ‎12-07-2012

We have an ASA at a remote location that gets a dynamic address through a DSL connection. We just put a camera system out there, and the owner wants to be able to see the video inside or outside this facility from his phone. We have configured the dynamic IP through no-ip.com, so there isn't a problem getting access to the cameras externally. However, when access the camers from inside the network through the wi-fi, the phone attempts to access the cameras through its no-ip address, and the firewall prevents this. The following commands don't help any:

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

I can't set up dns doctoring, as we only have the one IP and port forwarding is configured. Does anyone have a solution for this? Thanks

Jennifer Halim · ‎12-09-2012

is there any possibility of setting 2 profiles on the phone for the camera? one with the no-ip.com, and the other with the private ip address. So when he is inside the network, he would click on the inside profile, and when he is outside, he would use the no-ip.com profile?

or, does he have an internal dns server where you can setup the no-ip.com to resolve to the inside address when he is inside the network?

unfortunately since you only have one ip and assuming that it is the outside ASA address, then dns doctoring would not work.

baskervi · ‎12-10-2012

That is certainly possible, and it's the way we have it set up in the interim. However, this is a very nontechnical user, and he is having problems remembering to switch between the two when he comes in the office.