11-10-2012 10:02 AM - edited 03-04-2019 06:05 PM
Hello guys, need some help, i am very green in Networking.
Please help me in this commands.
Currently we have 2 office, in India n Singapore, without any wan connection between this 2 office. This India office has installed some wireles cam (192.168.1.15), I want to monitor this wireless cam in Singapore office, and also at the same time open up 18 ports (9101 - 9119) for the 18 cams, (192.168.1.15:9101 - 9119).
from my understanding, i believe i will need to get 1 WAN IP address to translate to their 192.168.1.15:9101 - 9119? So that from Singapore office, I can access to their cam through the India WAN ip?
Please advice the command.
Below is the config
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.161 192.168.1.172
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 212.76.85.145 213.236.32.2
lease 0 2
!
!
ip name-server 212.76.85.145
ip name-server 213.236.32.2
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FCZ162091HZ
!
!
username wael secret 4 n0V/y9uy56hzE90yiFc4hFTclRUtqGgKuR3D.Rw5PME
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Connected To POE - WAN
ip address 172.21.5.90 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 192.168.1.254 255.255.255.0 secondary
ip address 213.236.56.233 255.255.255.248
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 172.21.5.89
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
transport input all
!
scheduler allocate 20000 1000
end
Please advise the command to do this.
Best Regards
11-10-2012 11:33 AM
Hi,
I believe you can setup static NAT for this situation:
access-list 101 permit tcp host any range 9101 9119 any
route-map NAT permit 10
match ip add 101
ip nat inside source static x.x.x.x y.y.y.y route-map NAT
Try this, let me know if it work for you.
Please rate helpful posts.
11-10-2012 08:18 PM
Hi abzal, may I know for this command ip nat inside source static x.x.x.x y.y.y.y route-map NAT, which ip should I enter?
Sorry as I am really new to networking n also company.
Please advise.
11-10-2012 06:48 PM
Hello Yeo,
In this case you can use a static NAT for each camera, the 18 cameras are IP or do you have a DVR conected to the every camera through Coaxial cable?
In this case I recommend you setup a site to site VPN if both places have static public ip address for securing all traffic.
Best regards.
11-10-2012 08:15 PM
Hi ef-Molina, currently our company still don't have this intention to go into site to site VPN yet. And your are correct, all 18 cameras are ip cameras, over there we are using a pc/server (192.168.1.15) for the ip camera monitoring over at their site.
and for singapore, we are using vlc media player to access to (192.168.1.15:9101 - 9119) all the cameras there.
11-10-2012 08:48 PM
ip nat inside source static 192.168.1.15 y.y.y.y route-map NAT
y.y.y.y - public IP of remote site.
You need to configure these commands on remote router. What model of router you have there? How is connected to the Internet? Show us topology then we can expalin better.
Please rate helpful posts.
11-11-2012 04:26 PM
Hi Abzal,
I tried the above command, it doesnt work.
The router that they are using is Cisco Router 1941.
for now i am using teamviewer software to remote in to 1 of the servers and do the telnet command from there.
Connection to the internet via their ISP internet broadband, connecting to the router.
Judging by the config i post, i believe is their 0/0 interface PPPoe WAN.
1 question, is it normal that i could not ping to their WAN Internet IP?
I believe this description should be their WAN int right?
description Connected To POE - WAN
ip address 172.21.5.90 255.255.255.248
ip nat outside
Please advise.
11-10-2012 09:34 PM
Hi Yeo,
So if you access to the cameras through a PC/Server you only need reach that machine with remote desktop (I recommend it) with port 3389 so the configuration is the following:
conf t
!
!
ip nat inside source static tcp 192.168.1.15 3389 X.X.X.X 3389
!
where X.X.X.X is the public IP Address from th router.
if you don´t have a static public IP Address and use PPPoE to connect to Internet you can use the following:
conf t
!
!
ip nat inside source static tcp 192.168.1.15 3389 interface dialer YY 3389
!
where YY is the number of the Dialer Interface.
Another way is to NAT every camera to access directly from your location, what is the original administration port of the camera? how do you administer they and view the video from them?
Best regards.
11-11-2012 04:27 PM
Hi Ef-molina,
I wish i could do that. but my boss didnt want to use RDP.
11-11-2012 07:28 PM
Hi, when i use internet browser http://whatismyaddress.com, i got this IP address: 213.236.56.233, which i recon that it should be my public internet address, which is pingable from my singapore office.
when i have done the show nat translations in the router i got this.
xxx#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 213.236.56.233:59584 192.168.1.11:59584 37.252.224.5:5938 37.252.224.5:593
tcp 213.236.56.233:49655 192.168.1.15:49655 37.252.225.5:5938 37.252.225.5:593
udp 213.236.56.233:50622 192.168.1.101:50622 132.163.4.9:53 132.163.4.9:53
tcp 213.236.56.233:50753 192.168.1.101:50753 37.252.230.19:5938 37.252.230.19:
38
tcp 213.236.56.233:51036 192.168.1.101:51036 119.82.123.68:5938 119.82.123.68:
38
tcp 213.236.56.233:51041 192.168.1.101:51041 79.140.95.107:80 79.140.95.107:80
tcp 213.236.56.233:51042 192.168.1.101:51042 79.140.95.129:80 79.140.95.129:80
udp 213.236.56.233:52389 192.168.1.101:52389 129.6.13.3:53 129.6.13.3:53
udp 213.236.56.233:52409 192.168.1.101:52409 132.163.4.9:53 132.163.4.9:53
udp 213.236.56.233:52621 192.168.1.101:52621 129.6.13.3:53 129.6.13.3:53
udp 213.236.56.233:61390 192.168.1.101:61390 202.156.196.110:53510 202.156.196
10:53510
udp 213.236.56.233:1025 192.168.1.161:10001 192.168.10.22:2615 192.168.10.22:2
Please advise.
11-11-2012 07:40 PM
Then your should be like this:
access-list 101 permit tcp host any range 9101 9119 any
route-map NAT permit 10
match ip add 101
ip nat inside source static 192.168.1.15 213.236.56.233 route-map NAT
then show your config.
Please rate helpful posts.
11-11-2012 09:50 PM
Hi, when i tried it prompted error.
xxx(config)#access-list 101 permit tcp host any range 9101 9110 any
Translating "any"...domain server (212.76.85.145)
^
% Invalid input detected at '^' marker.
OMS(config)#access-list 101 permit tcp host any range 9101 9110 any
Translating "any"...domain server (212.76.85.145)
^
% Invalid input detected at '^' marker.
OMS(config)#access-list 101 permit tcp host any range 9101 9119 any
Translating "any"...domain server (212.76.85.145)
^
% Invalid input detected at '^' marker.
possible to enter this command? access-list 101 permit tcp any range 9101 9119 any?
Please advise.
11-11-2012 10:07 PM
ok, try this one instead
ip access-list extended PORTFWD
permit tcp any range 9101 9119 any
route-map NAT permit 10
match ip add PORTFWD
ip nat inside source static 192.168.1.15 213.236.56.233 route-map NAT
11-14-2012 12:29 AM
Hi Sorry for the delay, the resulting commands doesnt seems to work.
I tried to internally stream this IP: 213.236.56.233:9101 in India Branch VLC player, also there is nothing on the screen, same here in Singapore branch.
Do i need to copy run start before it can actually works? i am think it is easier to reload the router to orginal configuration for this.
Please advise.
11-11-2012 06:55 PM
Hi,
Not pinging ISP address not normal.
Is Internet connection working on your with current config?
I think you have non routable address on your WAN interface that's why it's not working. I mean static nat.
You need public IP addresses for this.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide