05-17-2010 08:24 PM - edited 03-11-2019 10:46 AM
We are setting up security camera system so would like to open Inbound Ports:80 and 443. Also how do you reserve ip address in DHCP scope and create NAT beween private IP address and public IP addres. I am new at this so can you please help me with the entries.
Solved! Go to Solution.
05-17-2010 08:33 PM
How many public ip address do you have? Are you using the outside interface ip address for NATing? or you have spare public ip address for the web camera NATing?
If your camera is connected to the inside interface, and for example having ip address of 10.1.1.5, and you only have 1 public ip address assigned to your outside interface, then you can configure the following:
static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 10.1.1.5 443 netmask 255.255.255.255
However, if you have spare public ip address to use, you can configure 1 to 1 NATing for your web camera, and assuming your spare public ip address is 100.1.1.5:
static (inside,outside) 100.1.1.5 10.1.1.5 netmask 255.255.255.255
To allow inbound access, you would need to configure access-list. Double check if access-list is already assigned to the outside interface: sh run access-group.
If ACL is already assigned, use the same ACL name to add the above access.
Example:
access-list outside-acl permit tcp any interface outside eq 80
access-list outside-acl permit tcp any interface outside eq 443
OR/
access-list outside-acl permit tcp any host 100.1.1.5 eq 80
access-list outside-acl permit tcp any host 100.1.1.5 eq 443
Hope that helps.
05-17-2010 08:33 PM
How many public ip address do you have? Are you using the outside interface ip address for NATing? or you have spare public ip address for the web camera NATing?
If your camera is connected to the inside interface, and for example having ip address of 10.1.1.5, and you only have 1 public ip address assigned to your outside interface, then you can configure the following:
static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 10.1.1.5 443 netmask 255.255.255.255
However, if you have spare public ip address to use, you can configure 1 to 1 NATing for your web camera, and assuming your spare public ip address is 100.1.1.5:
static (inside,outside) 100.1.1.5 10.1.1.5 netmask 255.255.255.255
To allow inbound access, you would need to configure access-list. Double check if access-list is already assigned to the outside interface: sh run access-group.
If ACL is already assigned, use the same ACL name to add the above access.
Example:
access-list outside-acl permit tcp any interface outside eq 80
access-list outside-acl permit tcp any interface outside eq 443
OR/
access-list outside-acl permit tcp any host 100.1.1.5 eq 80
access-list outside-acl permit tcp any host 100.1.1.5 eq 443
Hope that helps.
05-17-2010 08:39 PM
thank you very much for the quick response and this exactly what i was looking for. Let me try and will provide update.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: