11-11-2003 02:05 AM - edited 02-20-2020 11:05 PM
Hello
We have recently installed PIX Firewall. Everything seems to be working fine (http, ftp, etc). There is one application which uses Pelco device (Video camera devices). The application uses the tcp port 9999 (to talk to the host) and the port from client changes from 2800-3000.
Need to fix this problem urgently
Thanks
Agnelo
11-11-2003 09:48 PM
Hi Angelo,
I still not sure what is the problem, since it has not been described properly. Is the client not able to connect? is the video device not able to connect? where is the client inside or outside?
Thanks
Nadeem
11-12-2003 11:01 PM
Hi Nadeem
There is a Pelco Video camera (DX7000) devices which allows the real-time view of all the cameras which are connected to this device.
To view the real-time frames, the client use a S/W (again supplied by pelco) and connect to the DX7000(which has IP address) device and view the frames.
When there was no PIX firewall all the clients were able to view the camera snapshots from inside the network and also from the Internet.
After installing the PIX, user inside the network are able to see the camera snapshots but the users from the internet cannot view the frames. The client uses TCP PORT 9999 to contact the host (ie DX7000) and the client uses random tcp port nos. starting from 2800-2900.
Agnelo
11-12-2003 11:20 PM
I suggest you create a static mapping from internet to your inside network (where your device is placed) and open tcp port 9999 for inbound connections from internet(outside) to inside.
you have to use static mapping for it and then allow the appropriate traffic from clients (any) to the specific Public IP and TCP port using access-list applied to the outside interface of your PIX.
( Clients from internet will use this IP address and port 9999 to connect to your palio device).
11-12-2003 11:53 PM
Hi ralli
tks for the reply. But there is no NAT on the firewall configured and even the device (DX7000) has a valid IP address. There is also a FTP in DMZ and and using an access-list to let the traffic reach to the FTP server
I have also used a access-list to allow the traffic. But it is not working.
Agnelo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide