Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
865
Views
0
Helpful
1
Replies

If I in internal network how can I connect internal device by external IP

cwhlaw2009
Level 1
Level 1

‎05-03-2016 08:47 PM - edited ‎03-10-2019 12:38 AM

Dear All

My client want to watch CCTV by apps from external and internal network.

I finished external part, now they can watch CCTV from outside.

And now I want to set internal part, but i haven't idea. I don't know how to redirect traffic from internal > external > internal

for example

external ip is 1.1.1.1

internal asa is 192.168.1.254

cctv is 192.168.1.250

cctv internal/external port: 80

ASA 5512 9.4(2)

Labels:
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎05-04-2016 04:22 PM

Hi there. You will need to configure three things:

1. Static PAT (NAT) that maps the public to private IP on the desired port. Here is a sample config:

object network CCTV
    host 192.168.1.254
    nat (inside,outside) static 1.1.1.1 service tcp 80 80

2. ACL that will allow traffic from our lower security level interface (for instance "outside") to a higher security level (for instance "inside")

access-list OUTSIDE_IN extended permit tcp any host 192.168.1.254 eq 80

3. Apply the access-list to the "outside" interface:

access-group OUTSIDE_IN in interface outside

You can also use "packet-tracer" to confirm and troubleshoot this and any future configurations. Info on packet-tracer:

https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

I hope this helps!

Thank you for rating helpful posts!

0 Helpful
Customers Also Viewed These Support Documents