07-17-2013 05:03 PM - edited 03-07-2019 02:27 PM
hello everyone
im using the ASA 5510 for routing
i just added webcam and cant get it working from outside
i have a static nat from outside to inside
and access list allowing from outside
se attached pictures
Solved! Go to Solution.
07-18-2013 10:07 AM
Is your ASA's outside interface directly connected out to the Internet and configured with a public IP or is it sitting behind the ISP router with the private IP? Also what code are you running on that ASA 8.3+ or below? Like the previous poster mentioned I'm not a fan of GUI so can you paste your configuration from the CLI? Generally you would do something like this eg;
Camera IP: 192.168.1.10
Public IP: 1.1.1.1
object network obj-192.168.1.10
host 192.168.1.10
exit
object netowrk obj-1.1.1.1
host 1.1.1.1
exit
object service CAMERA_HTTP
service tcp source eq 80
exit
nat (inside, outside) static obj-192.168.1.10 obj-1.1.1.1 service CAMERA_HTTP CAMERA_HTTP
And for the ACL:
access-list outside_acl_in extended permit tcp any gt 1024 host 192.168.1.10 eq 80
Keep in mind if you are forwarding port 80 to something else on that public IP there will be a conflict so you'll need to pick a public IP that free for port 80.
07-18-2013 01:10 AM
Hi,
I'm not too much fan of the GUI but it seems you should inverse the source and destination interface in your NAT command.
Regards
Alain
Don't forget to rate helpful posts.
07-18-2013 09:36 AM
Hi , I did actually it ddnt work but anywayit has both way nat option checked so in my opinion it should wokr even is it sais Inside- outside
what about my border router (time warner) i think port 80 needs to be forwarded to somewere
any other ideas ?
Arsen Gharibyan
Network Engineer
07-18-2013 10:07 AM
Is your ASA's outside interface directly connected out to the Internet and configured with a public IP or is it sitting behind the ISP router with the private IP? Also what code are you running on that ASA 8.3+ or below? Like the previous poster mentioned I'm not a fan of GUI so can you paste your configuration from the CLI? Generally you would do something like this eg;
Camera IP: 192.168.1.10
Public IP: 1.1.1.1
object network obj-192.168.1.10
host 192.168.1.10
exit
object netowrk obj-1.1.1.1
host 1.1.1.1
exit
object service CAMERA_HTTP
service tcp source eq 80
exit
nat (inside, outside) static obj-192.168.1.10 obj-1.1.1.1 service CAMERA_HTTP CAMERA_HTTP
And for the ACL:
access-list outside_acl_in extended permit tcp any gt 1024 host 192.168.1.10 eq 80
Keep in mind if you are forwarding port 80 to something else on that public IP there will be a conflict so you'll need to pick a public IP that free for port 80.
07-18-2013 11:35 AM
Thank you for your reply the issue was in static route on ASA
asa cant get to the appropriate vlan
192.168.10.0 255.255.255.255
changed to 192.168.10.0 255.255.255.0
and it worked
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide