Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1390
Views
0
Helpful
4
Replies

Authenticate to a website from behind ASA

zack
Level 1
Level 1

‎09-29-2009 07:15 PM - edited ‎03-11-2019 09:21 AM

Hi,

I ran into a weird problem today. I am setting up ASA for a retail company. all the sales locations has ASA5505 version 7.2. A q-see webcam system is installed in each location. a manager at any location can monitor any remote one. the camera system is web based and uses the default port 80, connected directly to the Internet and is assigned a real IP address. Once a manager type in a camera address in his IE, he is prompt to enter his user name and password. Usually this is a straigh forward operation until I installed the ASA. Now, nothing

Labels:
0 Helpful
4 Replies 4

scudderconsulting
Level 1
Level 1

‎09-30-2009 12:06 AM

I believe that q-see may require additional port for authentication.

0 Helpful

kicharle
Level 1
Level 1
In response to scudderconsulting

‎09-30-2009 01:46 AM

I hope, you would have connected the web camera to the inside interface and the outside interface to the outside world.

If that is so, have you configured an ACL to allow port 80 inbound to the outside interface.

Also, you have mentioned that is using real IP address.

You need to configure a static rule that translates to the same real IP address.

0 Helpful

zack
Level 1
Level 1
In response to kicharle

‎09-30-2009 05:53 PM

Hi Kicharle,

The cameras are connected directly to the internet and assigned a real IP adderss. I have no control over the way they are setup. managers used to authenticate correclty before I installed the ASA, now, when they try to connect, they still get the prompt for a user name and password but nothing happens after. I guess the ASA is blocking the reply from the camreas. here is the log

6 Sep 26 2009 20:10:07 302014 CameraLA4 TSinside Teardown TCP connection 4850 for outside:CameraLA4/80 to inside:TSinside/1476 duration 0:00:00 bytes 1850 TCP FINs

6 Sep 26 2009 20:10:07 302013 CameraLA4 TSinside Built outbound TCP connection 4851 for outside:CameraLA4/80 (CameraLA4/80) to inside:TSinside/1477 (76.x.x.1/4175)

6 Sep 26 2009 20:10:07 302013 CameraLA4 TSinside Built outbound TCP connection 4851 for outside:CameraLA4/80 (CameraLA4/80) to inside:TSinside/1477 (76.x.x.1/4175)

6 Sep 26 2009 20:10:07 305011 TSinside 76.x.x.1 Built dynamic TCP translation from inside:TSinside/1477 to outside:76.x.x.1/4175

Any ideas?

0 Helpful

zack
Level 1
Level 1
In response to scudderconsulting

‎10-02-2009 10:25 PM

Hi scudderconsulting

you are right, it requires port TCP 2000 for video stream. but still, the camera is not behind any firewall. it's assigned a real IP. The client is behind a firewall.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card