I am currently still strengthening my networking skills since I just got my CCNA.
Currently I have a device that is using Audio over IP concepts. According to the documentation it uses Port 80 TCP (GUI-Management), and Port 655 TCP/UDP. With this device, I have it connected to a switch with a Class C IP address (192.168.10.X/24). Here's where I'm having a hard time following:
-I was given a public IP address (220.127.116.11 -just as an example) by my company to take this device so it can get NAT'd into the internet so we can tie it with another device. However, there are firewall concerns and what not, back to the documentation, it states that if there is a firewall, open up port 6300 TCP and port 6301 TCP/UDP. (
On port 6300 - forward to 192.168.10.x/24 (my device) port 80, on port 6301 same ip but with tcp udp port 655 getting forwarded.....what is happening here? In this something a firewall does? Or is this almost like an Access-List concept? How can I lab something link this?
All the configuration for the devices is on a WEB GUI and pretty easy to configure but the networking part made it tougher to understand.
I really want to wrap my head around this because I can't seem to break it down.
Hello @steveblurr ,
>> On port 6300 - forward to 192.168.10.x/24 (my device) port 80, on port 6301 same ip but with tcp udp port 655 getting forwarded.....what is happening here? In this something a firewall does? Or is this almost like an Access-List concept? How can I lab something link this?
Yes this is something that a firewall or a router can do as part of NAT operations if configured for this.
In Cisco IOS for routers this is called static NAT.
An IP address ( the public one) and a TCP port or UDP port are enough to define a service up to the application layer.
The NAT operations in this case are to convert the public IP address in a private one and the TCP port in another TCP port.
What is nice and powerful of this L4 aware NAT is that the same public IP address can represent different internal services hosted on different internal hosts if all of them are using different TCP or UDP ports.
The static NAT allows for connections started from outside world to trigger NAT this is the difference with standard NAT that is started inbound to outbound.
In your case this allows to receive an audio call started from outside or an audio stream.
Hope to help
So in other words,
My NAT should look similar to this access list:
permit tcp (source address) public_ip eq 80 (destination address) my_device_ip port 6300
permit udp (source address) public_ip eq 655 (destination address) my_device_ip port 6301
This is what I pictured in my head. Since, there's a main control room and I'm remote, this will make sense, correct?
Because on the device GUI I can set the parameter to be my public ip:port number and it used that to communicate.