cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
343
Views
0
Helpful
3
Replies

ASA static nat

mrochac
Level 1
Level 1

So, long story short - we have a security company that needs access to their camera internal, what the best way to go about this - i created NAT mapping as per screenshot but it doesnt seem right.

end result is - external company can connect to camera device only in a specific subnet with a static ip (which i thought i did) but as they tested the only ip they cant connect to is the static IP i identified in the NAT.

so, thoughts? what am i missing.

here is the result scenario;

 

camera (port 2001) <-> FW <-> Security company ( 1 to 1, using external IP address)

192.168.0.9 (2001) <-> FW ext. ip 22.22.22.33<-> Security company.

1 Accepted Solution

Accepted Solutions

Hi,

 

Thanks for the info.

 

The NAT and ACL portion of the configuration looks ok and the fact that you are seeing hits on the outside ACL is a good sign.

Can you confirm that the 192.168.7.5 camera has been configured with a default gateway of the Cisco ASA firewall, or if not, the device that is being used as the default gateway has a default route with a next-hop IP of the Cisco ASA firewall?

View solution in original post

3 Replies 3

willwetherman
Spotlight
Spotlight

Hi,

Have you also created a corresponding access list rule to permit access on your outside interface from the security company to the security camera on port 2001?

Would you be able to post the ASA NAT and ACL text config?

Hi there, sorry for delay this is what i have for NAT;

4 (Inside) to (Outside) source static NEXUS-SEC-CAM SecurityCam
translate_hits = 689, untranslate_hits = 1102
Source - Origin: 192.168.7.5/32, Translated: 67.226.238.135/32

access-list Outside_access line 1 extended permit ip any4 object NEXUS-SEC-CAM (hitcnt=902) 0xb3d91655
access-list Outside_access line 1 extended permit ip any4 host 192.168.7.5 (hitcnt=902) 0xb3d91655

Hope this is enough info, thanks.

Hi,

 

Thanks for the info.

 

The NAT and ACL portion of the configuration looks ok and the fact that you are seeing hits on the outside ACL is a good sign.

Can you confirm that the 192.168.7.5 camera has been configured with a default gateway of the Cisco ASA firewall, or if not, the device that is being used as the default gateway has a default route with a next-hop IP of the Cisco ASA firewall?

Review Cisco Networking for a $25 gift card