Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Open a port on Cisco 881 to allow to see my WVC cameras from home

Hello,

I would like to open a port on my Cisco 881 router at work, to allow me to see my WVC cameras from home.

Does anyone know the commands for this configuration??

Any help will be appreciate.

Thank you

Kind Regards

Leon

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

With only 1 public ip address, ie: your fa4 interface, then the following would be the command:

ip nat inside source static tcp 192.168.2.100 1024 interface fa4 1024

11 REPLIES
Cisco Employee

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Assuming that your WVC cameras has private ip address, you would need to NAT it to a public ip address or configure static PAT on the router external ip address to access it from home.

What port does your WVC cameras uses? and do you have a spare public ip address, or are you going to use your router external ip address for static PAT? Can you share the current NAT configuration?

New Member

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Hi Jennifer,

My WVC camera uses the 1024 port. I don't have a spare public IP so I'm going to use my router's external ip address for static PAT.

Here is my current configuration on my Cisco 881 router at work:


Current configuration : 2632 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-xxxxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxxxxxx
!
!
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.100
!
ip dhcp pool ccp-pool
   import all
   network 192.168.2.0 255.255.255.0
   dns-server x.x.x.x x.x.x.x
   default-router 192.168.2.1
   lease 0 2
!
!
ip cef
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
!
!
username xxxxxxxxxxx privilege 15 password 0 xxxxxxxxxxx
!
!
crypto isakmp policy 9
hash md5
authentication pre-share
crypto isakmp key xxxxxxxxxxx address x.x.x.x
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set STRONG ah-md5-hmac esp-3des esp-sha-hmac
!
!
crypto map VPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set STRONG
match address 101
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description Connection towards Primetel Modem
ip address x.x.x.x 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map xxx
!
interface Vlan1
description Local LAN
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map NONAT interface FastEthernet4 overload
ip nat inside source static tcp 192.168.2.100 3389 x.x.x.x 3389 extendable
!
ip access-list extended nonat_nat
deny   ip 192.168.2.0 0.0.0.255 192.168.15.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
!
access-list 15 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.15.0 0.0.0.255
route-map NONAT permit 1
match ip address nonat_nat
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password xxxxxxx
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Cisco Employee

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Then it would be as follows:

ip nat inside source static tcp 1024 interface fa4 1024

Assuming that the camera uses TCP as the protocol on port 1024. Pls replace with the actual ip address of the camera.

Hope that helps.

New Member

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Thank you Jeniffer,

I'll try that later on and I will let you know.

Thank you so much.

New Member

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Hi Jennifer,

just one more question,

do I also need to configure another command to open the camera port?

for example:

ip nat inside source static tcp 192.168.2.100 1024 x.x.x.x 1024 extendable

where:

SERVER IP: 192.168.2.100

PUBLIC IP: x.x.x.x

Thank you

Cisco Employee

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

I thought you mention that you don't have any spare public ip address, hence you are using the router external interface.

The config should be as follows:

ip nat inside source static tcp 192.168.2.100 1024 interface fa4 1024

New Member

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Hi Jennifer,

I thought you meant if I have a two public IPs.

Basically, I have only one public IP that is the f4 interface, the router's external.

So, according to this, which of these two commands fits my scenario?

Thank you

Cisco Employee

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Hello,

Unfortunately, The IP address of the outside insterface has only 1 port with ID 1024, if there is another camara that you need to access, it would be good idea to check if it can listen on another port and do the same forwarding as you did with the first one.

Mike.

Mike
New Member

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Thank you Mike.

It worked perfectly.

Cisco Employee

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

With only 1 public ip address, ie: your fa4 interface, then the following would be the command:

ip nat inside source static tcp 192.168.2.100 1024 interface fa4 1024

New Member

Re: Open a port on Cisco 881 to allow to see my WVC cameras from

Thank you Jennifer.

2950
Views
0
Helpful
11
Replies
CreatePlease to create content