CCTV connection problems

Unanswered Question
Aug 3rd, 2008
User Badges:

Ive put cisco 877 routers in my depot offices and users behind the cisco router cant connect to any of our CCTV servers remotely. I think it might be a Nat issue but cant be sure. Everything works correctly when connected behind a Draytek Vigor, so there must be a fault on the cisco config somewhere. Can anyone help?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 08/04/2008 - 11:38
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Colin,

if you can post a filtered(without public ip addresses passwords, ..) config of one of your 877 and if you can provide some details about the CCTV server (what protocol are they using ? are they sending multicast frames if so you need to turn on multicast routing) you can find some help on the forum.

If your CCTV are using H.323 they might find some dynamic ports closed if you are using CBAC (ip inspect) and NAT.


Hope to help

Giuseppe

crmljc1976 Tue, 08/05/2008 - 07:45
User Badges:

Hi Guiseppe,

Please find my config attached. The CCtv server runs on a remote LAN and various udp and tcp protocols are forwarded from the draytek broadband router to the server,ports tcp/udp 2000-2006, tcp/udp 3001. When I try to connect using the remote viewing application from behind the Cisco 877(which is on a remote subnet) only one TCP session is established, and the application hangs.

Could it be the IOS version or dsl firmware that's causing the problem. I hope that you can help me because we need this operational during the night in case of intruder break ins. Hope this makes sense!

Thanks

Colin...



Attachment: 
Giuseppe Larosa Tue, 08/05/2008 - 12:44
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Colin,


from waht I see in your config I would add


access-list 2 permit 10.0.0.0 0.0.255.255


because your inside interface has the following config:


interface Vlan1

ip address 10.0.2.86 255.255.0.0

ip nat inside

ip virtual-reassembly

!

anc current acl 2 says:


access-list 2 permit 192.168.0.0 0.0.0.255


So NAT cannot work because it uses acl 2 to decide what to translate to dialer ip address:


ip nat inside source list 2 interface Dialer0 overload


Or change vlan1 ip address in 192.168.0.X 255.255.255.0


Hope to help

Giuseppe





crmljc1976 Tue, 08/05/2008 - 13:27
User Badges:

sorry vlan 1 address is 192.168.0.1/24, 10.0.2.86/16 was there so I could configure on 10.0.0.0/16 subnet, my fault, that isn't the reason its not working!

Giuseppe Larosa Wed, 08/06/2008 - 08:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Colin,

I was thinking it was too evident to be true !


Best Regards

Giuseppe

Actions

This Discussion