My client want to watch CCTV by apps from external and internal network.
I finished external part, now they can watch CCTV from outside.
And now I want to set internal part, but i haven't idea. I don't know how to redirect traffic from internal > external > internal
external ip is 220.127.116.11
internal asa is 192.168.1.254
cctv is 192.168.1.250
cctv internal/external port: 80
ASA 5512 9.4(2)
Hi there. You will need to configure three things:
1. Static PAT (NAT) that maps the public to private IP on the desired port. Here is a sample config:
object network CCTV host 192.168.1.254 nat (inside,outside) static 18.104.22.168 service tcp 80 80
2. ACL that will allow traffic from our lower security level interface (for instance "outside") to a higher security level (for instance "inside")
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.254 eq 80
3. Apply the access-list to the "outside" interface:
access-group OUTSIDE_IN in interface outside
You can also use "packet-tracer" to confirm and troubleshoot this and any future configurations. Info on packet-tracer:
I hope this helps!
Thank you for rating helpful posts!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: