Beginner

ASA static nat

So, long story short - we have a security company that needs access to their camera internal. What's the best way to go about this? I created a NAT mapping as per the screenshot, but it doesn't seem right.

End result is - external company can connect to camera device only in a specific subnet with a static IP (which I thought I did), but as they tested, the only IP they can't connect to is the static IP I identified in the NAT.

So, thoughts? What am I missing?

Here is the result scenario:

 

camera (port 2001) <-> FW <-> Security company (1 to 1, using external IP address)

192.168.0.9 (2001) <-> FW ext. IP 22.22.22.33 <-> Security company.

1 ACCEPTED SOLUTION

Accepted Solutions
Participant

Hi,

Thanks for the info.

 

The NAT and ACL portion of the configuration looks ok and the fact that you are seeing hits on the outside ACL is a good sign.

Can you confirm that the 192.168.7.5 camera has been configured with a default gateway of the Cisco ASA firewall, or if not, the device that is being used as the default gateway has a default route with a next-hop IP of the Cisco ASA firewall?

3 REPLIES
Participant

Hi,

Have you also created a corresponding access list rule to permit access on your outside interface from the security company to the security camera on port 2001?

Would you be able to post the ASA NAT and ACL text config?

Beginner

Hi there, sorry for the delay, this is what I have for NAT:

4 (Inside) to (Outside) source static NEXUS-SEC-CAM SecurityCam
translate_hits = 689, untranslate_hits = 1102
Source - Origin: 192.168.7.5/32, Translated: 67.226.238.135/32

access-list Outside_access line 1 extended permit ip any4 object NEXUS-SEC-CAM (hitcnt=902) 0xb3d91655
access-list Outside_access line 1 extended permit ip any4 host 192.168.7.5 (hitcnt=902) 0xb3d91655

Hope this is enough info, thanks.
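
The rule the first reply asks about, scoped to the security company and port 2001, shown against the posted ACL, which permits ip any4 to the camera. This is an added example, not configuration from the thread; SECURITY-CO, its address 203.0.113.10 and the use of TCP for port 2001 are assumptions.

```cisco
! Constructed values: SECURITY-CO / 203.0.113.10 (documentation range) stand in
! for the security company's real source address. TCP is assumed for port 2001.
!
! As posted: any IPv4 source, any protocol and port, to the camera.
!   access-list Outside_access line 1 extended permit ip any4 object NEXUS-SEC-CAM
!
! Scoped replacement: one known source, one service.
! Add the narrow entry first, then remove the broad one, so access is not interrupted.
object network SECURITY-CO
 host 203.0.113.10
!
access-list Outside_access line 1 extended permit tcp object SECURITY-CO object NEXUS-SEC-CAM eq 2001
no access-list Outside_access extended permit ip any4 object NEXUS-SEC-CAM
!
! The existing 1:1 static NAT from the thread is left unchanged:
!   (Inside) to (Outside) source static NEXUS-SEC-CAM SecurityCam
!
! Checks, run from privileged EXEC rather than configuration mode:
!
! 1. Simulate the inbound flow through un-NAT and the outside ACL.
!    Source port 40000 is an arbitrary constructed value.
packet-tracer input Outside tcp 203.0.113.10 40000 67.226.238.135 2001
!
! 2. Confirm the any4 entry is gone and the new entry is the one counting hits.
show access-list Outside_access
!
! 3. List connections the ASA currently tracks for the camera.
show conn address 192.168.7.5
```

packet-tracer only reports the ASA's own NAT and ACL decision; the return path from the camera (its default gateway, as raised in the accepted solution) has to be checked separately.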
