04-19-2010 05:47 AM - edited 03-04-2019 08:12 AM
hello, can any one help me about port forwarding on Cisco router 3845 series. im having difficulties viewing my survallance camera outside i can only view it locally here is my config. btw im using static ip but its pppoe.
enable secret 5 $1$mu1x$CMb95/a0gerL2sKkjX72q0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.0 192.168.10.99
!
ip dhcp pool mypool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
dns-server 158.69.254.14 158.69.254.15
!
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface Dialer1
mtu 1492
ip address 158.69.142.54 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname 270614111
ppp chap password 0 196581111
ppp pap sent-username 27061111 password 0 196581111
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip nat inside source list 1 interface Dialer1 overload
ip nat outside source static tcp 192.168.10.2 8888 158.69.142.54 8888 extendable
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
04-19-2010 05:54 AM
Remove this line:
ip nat outside source static tcp 192.168.10.2 8888 158.69.142.54 8888 extendable
Change it to this line:
ip nat inside source static tcp 192.168.10.2 8888 interface Dialer1 8888 extendable
Hope that helps.
04-19-2010 04:50 PM
sir i cant seem to add the extendable command at the last part why is that?
04-19-2010 05:34 PM
hello, this is the latest config, the one with the ip address 192.168.10.25 and port 8888 is my dvr.
Current configuration : 1600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO1841
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mu1x$CMb95/a0gerL2sKkjX72q0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.0 192.168.10.99
!
ip dhcp pool mypool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
dns-server 158.69.254.14 158.69.254.15
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
!
interface Dialer1
mtu 1492
ip address 158.69.142.54 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname 27061111
ppp chap password 0 196581111
ppp pap sent-username 27061111 password 0 196581111
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.10.25 8888 interface Dialer1 8888
!
access-list 1 permit 192.168.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
04-19-2010 06:23 PM
do i need to put the acces list for the port forwarding?
access-list 101 permit tcp 192.168.10.25 255.255.255.0 eq 8888 158.69.142.54 255.255.255.0 eq 8888
access-list 101 permit tcp 158.69.142.54 255.255.255.0 eq 8888 192.168.10.25 255.255.255.0 eq 8888
04-19-2010 07:44 PM
You don't need the "extendable" keyword, and you also don't need the access-list.
It should already work now. What's the status?
Can you connect to 158.69.142.54 on port 8888?
04-19-2010 07:50 PM
umm what do you mean i can connect? 192.168.10.25 is my dvr ip address, 192.168.10.2 is my cisco router and 158.69.142.54 is my ISP address. was thinking is i made a mistake?
04-19-2010 07:52 PM
You would like to connect to your dvr from the outside/internet, right? That is why you have configured the port redirection?
04-19-2010 07:55 PM
yes, my i would like to view my survaillance camera from my dvr even when im outside the office.
04-19-2010 08:13 PM
btw sir one more thing my isp address is static but its a pppoe type, is that a conflict to my config of port forwarding?
04-19-2010 08:21 PM
No, there is no conflict. As far as the configuration is concern, you should be able to access port 8888 on the public ip address from the internet, and it will be forwarded to 192.168.10.25
04-19-2010 08:23 PM
yes thats was im thinking why it wont work well going to try still
04-21-2010 04:52 AM
its working now but only on the HTTP but i can seem to make it work on the DVR software viewer is there any other config for it?
04-21-2010 05:35 AM
When I was working in the last company, I had a customer who had a similar problem... After weeks of reviewing configurations, sending him different routers, doing a lot of research, and be called not so nice things, the problem was that camera had to be WELL configured, including the gateway with the router LAN IP address. LOL!
I'm not saying you made any mistake, just made me remember about this.
I also guess that this configuration should work...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide