Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1198
Views
0
Helpful
4
Replies

Cisco 1720 trying to configure NAT for Security DVR access but unsuccessful

Vikrant Ambhore
Level 1
Level 1

‎12-22-2010 08:10 PM - edited ‎03-06-2019 02:40 PM

Cisco 1720 trying to configure NAT for Security DVR access but unsuccessful

Question: I have a client that is trying to review their security DVR remotely and based on this configuration I have been unable to remote in. This configuration looks correct, but I may be overlooking something. Any suggestions would be appreciated.

xx.xxx.146.34 outside to 192.168.6.101 inside


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
username ***** privilege 15 password 0 *****
username ***** privilege 15 password 0 *****
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0
ip address 192.168.6.2 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
!
interface Serial0
ip address xx.xxx.142.158 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
service-module t1 clock source internal
service-module t1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.142.157
ip http server
ip http secure-server
ip nat inside source list natacl interface Serial0 overload
ip nat inside source static tcp 192.168.6.101 80 xx.xx.146.34 80 extendable
ip nat inside source static tcp 192.168.6.101 2000 xx.xx.146.34 2000 extendable
ip nat inside source static tcp 192.168.6.101 2400 xx.xx.146.34 2400 extendable
!
!
!
ip access-list extended natacl
permit ip 192.168.6.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
login local
line aux 0
login local
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
end
Labels:
0 Helpful
4 Replies 4

johnlloyd_13
Level 9
Level 9

‎12-22-2010 08:33 PM

most video application uses udp ports. try to add "udp" in your static nat config and test again.

0 Helpful

Vikrant Ambhore
Level 1
Level 1
In response to johnlloyd_13

‎12-22-2010 08:41 PM

Can you suggest how to add this

in my NAT ?

Regards

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to Vikrant Ambhore

‎12-22-2010 08:44 PM

kindly see below. do check with the DVR vendor if these are the correct ports. i have encountered a scenario which uses udp port 9000.

ip nat inside source static udp 192.168.6.101 80 xx.xx.146.34 80 extendable
ip nat inside source static udp 192.168.6.101 2000 xx.xx.146.34 2000 extendable
ip nat inside source static udp 192.168.6.101 2400 xx.xx.146.34 2400 extendable

0 Helpful

Vikrant Ambhore
Level 1
Level 1
In response to johnlloyd_13

‎12-22-2010 09:02 PM

I am going to changes and get back to you in the am with results.

Regards

Vikrant

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card