I have a ASA 5510 firewall on the outside of my network. I can view a web camera internally after logging into the camera with no problems. On the firewall I created a NAT entry to connect a extenal IP to view the web camera from a public IP. For testing purposes I allowed all IP to connect to the internal address. I can get to the login screen of the web camera, but it does not log in. Instead I get an DVROCXex error. I do not get this same error when accessing from the internal network.
Wireshark shows tcp ports in the 2000 to 3000 in addition to the 80 for the http.
Any thoughts as to what is stopping the connection to the web camera?
It was not so much that ports were being redirected but rather the Q-See DVR uses prot 2000 as the default for the video. Since this is the port that phone traffic uses, then the Firewall was doing something to the packets when they were translated, thus not allowing viewing of the video.
I believe that port 2000 is Cisco-sccp.
Solution is to change the DVR port to something else. All that is then needed to pass thru the firewall is port 80 and port 2001 (which is what I changed the port to).
You can still keep it at tcp 2000 but, make sure not to inspect skinny for this flow. If you change it to 2001 then you just need to allow this in the acl (if you have one on the higher security interface).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :