11-09-2010 01:38 AM - edited 03-11-2019 12:06 PM
Hello,
I would like to open a port on my Cisco 881 router at work, to allow me to see my WVC cameras from home.
Does anyone know the commands for this configuration??
Any help will be appreciate.
Thank you
Kind Regards
Leon
Solved! Go to Solution.
11-09-2010 08:12 PM
With only 1 public ip address, ie: your fa4 interface, then the following would be the command:
ip nat inside source static tcp 192.168.2.100 1024 interface fa4 1024
11-09-2010 01:51 AM
Assuming that your WVC cameras has private ip address, you would need to NAT it to a public ip address or configure static PAT on the router external ip address to access it from home.
What port does your WVC cameras uses? and do you have a spare public ip address, or are you going to use your router external ip address for static PAT? Can you share the current NAT configuration?
11-09-2010 02:05 AM
Hi Jennifer,
My WVC camera uses the 1024 port. I don't have a spare public IP so I'm going to use my router's external ip address for static PAT.
Here is my current configuration on my Cisco 881 router at work:
Current configuration : 2632 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-xxxxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxxxxxx
!
!
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.100
!
ip dhcp pool ccp-pool
import all
network 192.168.2.0 255.255.255.0
dns-server x.x.x.x x.x.x.x
default-router 192.168.2.1
lease 0 2
!
!
ip cef
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
!
!
username xxxxxxxxxxx privilege 15 password 0 xxxxxxxxxxx
!
!
crypto isakmp policy 9
hash md5
authentication pre-share
crypto isakmp key xxxxxxxxxxx address x.x.x.x
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set STRONG ah-md5-hmac esp-3des esp-sha-hmac
!
!
crypto map VPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set STRONG
match address 101
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description Connection towards Primetel Modem
ip address x.x.x.x 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map xxx
!
interface Vlan1
description Local LAN
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map NONAT interface FastEthernet4 overload
ip nat inside source static tcp 192.168.2.100 3389 x.x.x.x 3389 extendable
!
ip access-list extended nonat_nat
deny ip 192.168.2.0 0.0.0.255 192.168.15.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
!
access-list 15 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.15.0 0.0.0.255
route-map NONAT permit 1
match ip address nonat_nat
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password xxxxxxx
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
11-09-2010 02:09 AM
Then it would be as follows:
ip nat inside source static tcp
Assuming that the camera uses TCP as the protocol on port 1024. Pls replace
Hope that helps.
11-09-2010 02:11 AM
Thank you Jeniffer,
I'll try that later on and I will let you know.
Thank you so much.
11-09-2010 02:52 AM
Hi Jennifer,
just one more question,
do I also need to configure another command to open the camera port?
for example:
ip nat inside source static tcp 192.168.2.100 1024 x.x.x.x 1024 extendable
where:
SERVER IP: 192.168.2.100
PUBLIC IP: x.x.x.x
Thank you
11-09-2010 03:05 AM
I thought you mention that you don't have any spare public ip address, hence you are using the router external interface.
The config should be as follows:
ip nat inside source static tcp 192.168.2.100 1024 interface fa4 1024
11-09-2010 03:49 AM
Hi Jennifer,
I thought you meant if I have a two public IPs.
Basically, I have only one public IP that is the f4 interface, the router's external.
So, according to this, which of these two commands fits my scenario?
Thank you
11-09-2010 05:39 AM
Hello,
Unfortunately, The IP address of the outside insterface has only 1 port with ID 1024, if there is another camara that you need to access, it would be good idea to check if it can listen on another port and do the same forwarding as you did with the first one.
Mike.
11-09-2010 11:05 PM
Thank you Mike.
It worked perfectly.
11-09-2010 08:12 PM
With only 1 public ip address, ie: your fa4 interface, then the following would be the command:
ip nat inside source static tcp 192.168.2.100 1024 interface fa4 1024
11-09-2010 10:26 PM
Thank you Jennifer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide