Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Open ports on firewall

Hello everyone,

We have setup new ip camera system and as per our vendor to access the camera from outside we need to open

TCP ports and in firewall and forward to our camera server.

let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30.

Can someone please help me do this we have cisco asa 5510. Thanks

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: Open ports on firewall

Hi,

The configuration depends on a few things.

  • Do you have a public IP that you can use just for the server? Or will you be using the ASAs outside interface IP address?
  • What software version are you using? (NAT configuration format changed after 8.2 ->)

I'll give you some examples

  • I presume the interfaces are called inside and outside
  • I presume the outside interface access-list is named OUTSIDE-IN and attached with the direction parameter of "in"

  • Software version 8.2 and earlier

Using deticated IP address for NAT

static (inside,outside) 207.114.111.22 11.11.1.30 netmask 255.255.255.255 dns

access-list OUTSIDE-IN permit tcp any host 207.114.111.22 range 55752 55753

Using Port Forwarding with interface IP address

static (inside,outside) tcp interface 55752 11.11.1.30 55752 netmask 255.255.255.255

static (inside,outside) tcp interface 55753 11.11.1.30 55753 netmask 255.255.255.255

access-list OUTSIDE-IN permit tcp any interface outside range 55752 55753

  • Software version 8.3 and after

Using dedicated IP address for NAT

object network CAMERA-SERVER

host 11.11.1.30

nat (inside,outside) static 207.114.111.22 dns

access-list OUTSIDE-IN permit tcp any object CAMERA-SERVER range 55752 55753

Using Port Forwarding with interface IP address

object network CAMERA-SERVER-TCP55752

host 11.11.1.30

nat (inside,outside) static interface service tcp 55752 55752

object network CAMERA-SERVER-TCP55753

host 11.11.1.30

nat (inside,outside) static interface service tcp 55753 55753

access-list OUTSIDE-IN permit tcp any object CAMERA-SERVER-TCP55752 eq 55752

access-list OUTSIDE-IN permit tcp any object CAMERA-SERVER-TCP55753 eq 55753

Please rate if the information was helpfull

- Jouni

2 REPLIES
Super Bronze

Re: Open ports on firewall

Hi,

The configuration depends on a few things.

  • Do you have a public IP that you can use just for the server? Or will you be using the ASAs outside interface IP address?
  • What software version are you using? (NAT configuration format changed after 8.2 ->)

I'll give you some examples

  • I presume the interfaces are called inside and outside
  • I presume the outside interface access-list is named OUTSIDE-IN and attached with the direction parameter of "in"

  • Software version 8.2 and earlier

Using deticated IP address for NAT

static (inside,outside) 207.114.111.22 11.11.1.30 netmask 255.255.255.255 dns

access-list OUTSIDE-IN permit tcp any host 207.114.111.22 range 55752 55753

Using Port Forwarding with interface IP address

static (inside,outside) tcp interface 55752 11.11.1.30 55752 netmask 255.255.255.255

static (inside,outside) tcp interface 55753 11.11.1.30 55753 netmask 255.255.255.255

access-list OUTSIDE-IN permit tcp any interface outside range 55752 55753

  • Software version 8.3 and after

Using dedicated IP address for NAT

object network CAMERA-SERVER

host 11.11.1.30

nat (inside,outside) static 207.114.111.22 dns

access-list OUTSIDE-IN permit tcp any object CAMERA-SERVER range 55752 55753

Using Port Forwarding with interface IP address

object network CAMERA-SERVER-TCP55752

host 11.11.1.30

nat (inside,outside) static interface service tcp 55752 55752

object network CAMERA-SERVER-TCP55753

host 11.11.1.30

nat (inside,outside) static interface service tcp 55753 55753

access-list OUTSIDE-IN permit tcp any object CAMERA-SERVER-TCP55752 eq 55752

access-list OUTSIDE-IN permit tcp any object CAMERA-SERVER-TCP55753 eq 55753

Please rate if the information was helpfull

- Jouni

New Member

Re: Open ports on firewall

Thanks, Jouni.  There is no security issue opening TCP port 55752 and 55753? Software version 8.0(3).

Thanks again for all the help.

2829
Views
0
Helpful
2
Replies