Pix 501 Port Redirection with outside Dyn IP for DVR

Unanswered Question
Jul 28th, 2010

Hi,

I have a PIX 501 running version 6.3 software. I need to access my cameras from the net. The camera address is 192.168.1.60:1042

My ISP outside address is dynamic.

The following is my config, please let me know what is wrong with it.

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password bJT00RrZ7Q9S5J1B encrypted

passwd bJT00RrZ7Q9S5J1B encrypted

hostname Haiyai

domain-name ciscopix.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list outside permit tcp any interface outside eq 1042

access-list outside deny ip any any

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp interface 1042 192.168.1.60 1042 netmask 255.255.255.255 0 0

access-group outside in interface outside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet 192.168.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:57847b305111572396f1ae0410e54f7e

: end         

Thanks

Morgan

Panos Kampanakis Wed, 07/28/2010 - 07:48

Morgan,

Your config is perfectly fine. You have your PAT static and opened the ACL for that port:

access-list outside permit tcp any interface outside eq 1042

access-list outside deny ip any any

static (inside,outside) tcp interface 1042 192.168.1.60 1042 netmask 255.255.255.255 0 0

access-group outside in interface outside

The issue is somewhere else. When you try to connect, check the conn through the PIX with "sh conn | i 192.168.1.60", and you should see the conn. Check if the camera needs more ports to open and what the PIX logs show.

I hope it helps.

PK
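
The three things the reply above checks by eye (a static PAT entry, an ACL permit for the same port, and that ACL bound inbound on the outside interface) can be checked by script. This is an added example, not part of the original thread: `audit_port_forwards` and the sample text are constructed here, and the parser assumes numeric ports and the `interface` form of static PAT as used in the posted config.

```python
import re

# Constructed sample: the four relevant lines from the configuration posted above.
SAMPLE_CONFIG = """\
access-list outside permit tcp any interface outside eq 1042
access-list outside deny ip any any
static (inside,outside) tcp interface 1042 192.168.1.60 1042 netmask 255.255.255.255 0 0
access-group outside in interface outside
"""

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) interface (\d+) (\S+) (\d+)")
PERMIT_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any interface (\w+) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")


def audit_port_forwards(config):
    """Return (forwards, findings) for static PAT entries on an interface address."""
    statics, permits, groups = [], set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := PERMIT_RE.match(line):
            permits.add(m.groups())          # (acl, proto, ifname, port)
        elif m := GROUP_RE.match(line):
            groups[m.group(2)] = m.group(1)  # ifname -> acl applied inbound
    forwards, findings = [], []
    for _real_if, mapped_if, proto, mapped_port, host, real_port in statics:
        forwards.append((proto, int(mapped_port), host, int(real_port)))
        acl = groups.get(mapped_if)
        if acl is None:
            findings.append(f"no access-group bound inbound on {mapped_if}")
        elif (acl, proto, mapped_if, mapped_port) not in permits:
            findings.append(f"ACL {acl} lacks permit for {proto}/{mapped_port}")
    # A permit on a bound ACL with no matching static is a stale rule to remove.
    bound = set(groups.values())
    forwarded = {(s[2], s[1], s[3]) for s in statics}
    for acl, proto, ifname, port in sorted(permits):
        if acl in bound and (proto, ifname, port) not in forwarded:
            findings.append(f"ACL {acl} permits {proto}/{port} with no static")
    return forwards, findings


if __name__ == "__main__":
    print(audit_port_forwards(SAMPLE_CONFIG))
```

An empty findings list for the posted lines matches the reply's conclusion that the forwarding config itself is consistent, so the connection table and logs are the next place to look.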
