The company I work for has a branch office in Phoenix and they just had their dvr security systems installed with 12 new cameras and they want to use the speco player app to view when offsite. They have app set for 2 Devices. The first device is named "Old Cameras" which will show you the first 9 cameras, and the 2nd device called "New Cameras" will show the other 12. The reason for this is because you can only view 16 cameras at a time on the app.

Now they have the first 9 cameras on ip 192.168.8.227, and the 12 new cameras on 192.168.8.228. I got the the first device on the app to work by opening up port 5445 on the ASA, as this was the port the technician installing the system said to open, along with port 443, and port 80. On the dvr he had set the ports to 5445 on both 8.227 and 8.228. 

This is how I configured the port forwarding on the ASA which opened up port 5445:

object network obj-inside
range 192.168.8.227 192.168.8.228

nat (inside,outside) static interface service tcp 5445 5445

access-list outside_access extended permit tcp any object obj-inside eq 5445
access-group outside_access in interface outside

I can't for the life of me get the 2nd device "New Cameras" to work on the app. When I select "New Cameras" on the app is just show's the 16 blank screens and will eventually timeout. I tried everything from configuring ACL's with object groups to just configuring object networks. I wanted to have someone try changing the port on 8.228 to like port 5447, or even port 554. But other than port 5445,443,80,22 I can't seem to get the ASA to open any other ports. This has really stumped me.

I then went and re-configured the object networks for hosts, which worked for port 5445, but nothing else. Here is the config I used:

object network obj-inside

host 192.168.8.227

nat (inside,outside) static interface service tcp 5445 5445

access-list outside_access extended permit tcp any object obj-inside eq 5445

access-group outside_access in interface outside

After doing this port 5445 was opened.

That opens up port 5445 no problem. But when I do the same for 8.228 on wither port 5447 or port 554, they port will not open. Here is how I configured it:

object network obj-inside1

host 192.168.8.228

nat (inside,outside) static interface service tcp 5447 5447

access-list outside_access extended permit tcp any object obj-inside1 eq 5447

Checked the port status and port 5447 remained closed. 

I did the same thing for port 554 just switched tcp to udp, but the port would not open.

One last bit of information, on the app it asks for a IP/DNS, and at first even with port 5445 I couldn't get either device to open using some weird DDNS address the technician provided. But once I change that address to the outside interface of the ASA, the first device "Old Cameras" loaded up.

Any advice would be greatly appreciated.