Re: Help to Nat VSOM

Tarek Ben Mimoun · ‎01-19-2011

Dear

I have installed 24 cameras Cisco and in a 1RU server VSMS 6.2.1/VSOM 4.2.1 .

I can see all the cameras via vsom but only in the LAN of the building .

I have configured NAT for the server VSMS / VSOM .

Now I can access from outside of the building at the interface of VSOM client but I can’t view the cameras. and I have the error name_of_cameras Unreachable .

I need some help ,it’s may first installation .

Thanks

ncehreli · ‎01-19-2011

Hello,

As far as I understand you also have NAT between your VSMS and cameras. In case of Cisco SD cameras; for MJPEG feed, we have HTTPS-443 and RTSP-554 on control channel and TCP/RTP-Interleaved binary data 554 on data channel. For instance for H264/MPEG4 we have UDP/RTP with the port specified during RTSP setup messages. So your NAT/FW should be aware of these TCP/UDP ports and application level communication.

Best Regards
Necati Cehreli

Scott Olsen · ‎01-19-2011

I believe that's correct for *Cameras* to communicate to VSMS, but keep in mind that once the direct proxies are running on the applicable VSMS server, the VSOM workstation will attempt to connect to the address of the IP used to register the VSMS server in VSOM on port 80 for applicable feeds.

I believe the problem here is that although you can NAT to the web service within VSOM, the "bwims" resource address that VSOM generates and provides to the client will actually be constructed (as mentioned above) using the IP address the VSMS server was registered with. This breaks the NAT model.

You *might* be able to register the VSMS server with a HOSTNAME and have it resolve to a NAT'd address from the "outside", but I can't gaurantee it.

Scott Olsen Solutions Specialist Bulletproof Solutions Inc. Web: www.bulletproofsi.com

ncehreli · ‎01-19-2011

Hi Scott,

Yes, this is also another important point for the VSOM-Client part of the picture. This can be achieved by putting the external NAT pool and the internal address of the VSMS in different DNS zones (if the same DNS server is used both internally and externally) or you can use local hosts file on VSOM(using internal IP) and client WS(using external NAT IP), and configuring the address of VSMS in VSOM as the hostname. Also you should make sure that the apache config(/usr/BWhttpd/conf/httpd.conf) for VSM is configured with this hostname for the ServerName directive.

Best Regards
Necati Cehreli

Tarek Ben Mimoun · ‎01-20-2011

dear

I turn off the firewall of the server and I opened the ports TCP / UDP 443/554/1066/8086/5002 and several other ports but I again blocked.

I have no problem to viewing in the LAN, all works well.
I can outside access to the VSOM interface , I can add or remove a camera so I can schedule or delete an archive but I can not see live cams or the archive.

and I have a Server Error message .

Thanks .

ncehreli · ‎01-21-2011

Dear Tarek

Please check my second post. VSOM is advertising the private IP of VSMS instead of the NAT address, that's why you are getting endpoint errors.

Best Regards
Necati Cehreli

Tarek Ben Mimoun · ‎02-07-2011

Dear

I try to nat vsom but still the same problem, I see a try to follow your solution with the presence of an experienced Linux. but in the end I use the EasyVPN solution for remote access.

Thanks