I have a Cisco IR1101 router with a Network Essentials license. Previously I have set up the router with a VPN and shipped camera traffic back to our main location. However, I have since found out that across the VPN camera traffic is not supported by our vendor and I have enough public IPs to allow for each camera to have its own IP. I want to change the way the server and camera connect. The server connects to the camera via IP and then has the camera ship the video back to it. My plan is to set up the cameras after the change using two of the public IPs of the IR1101 (184.108.40.206 & 220.127.116.11).
So, what I would like to do is for traffic inbound from the specific IPs of 18.104.22.168 & 22.214.171.124 to this site's loopback interface 126.96.36.199 and 188.8.131.52, I would like to NAT to my internal camera IPs of 10.78.55.51 & 52 and allow that traffic.
Also, the IPs of my main site's two ISPs are currently allowed to SSH and get to the web management of the IR1101; all other internet is allowed to ping and that is all.
What's the most recommended solution for that? ACL and NAT or ??
On a SonicWall I would just create four NAT rules that said:
from 184.108.40.206 to 220.127.116.11 NAT to 10.78.55.51
from 18.104.22.168 to 22.214.171.124 NAT to 10.78.55.51
from 126.96.36.199 to 188.8.131.52 NAT to 10.78.55.52
from 184.108.40.206 to 220.127.116.11 NAT to 10.78.55.52
And then I could create one firewall rule that said allow 18.104.22.168 or 22.214.171.124 to 126.96.36.199-78