I have a customer who purchased a GE IP Camera / DVR for one of their remote sites and we're having problems accessing it from behind our ASA 5520s 7.2(4).
What I've discovered is that when any user connects to the DVR's external IP, the webpage loads and then the DVR creates a seperate inbound connection on port 5858 (TCP or UDP are selectable)which carries the video stream.
Outbound users are PAT'd to a single external IP, so as you can see... we have an issue.
GE is saying that port 5858 needs to be forwarded, but I don't see the feasibility of this in an environment where there are multiple users that would need this port forwarded without assigning them a static external IP.
Is there an inspect statement I can enter to make this work? This scenario is very similar to how a PPTP VPN works... TCP connection on port 1723 and then the server initiates an inbound GRE tunnel, The "inspect PPTP" command allows this to work.
I've found the connection will work if I statically map a host to an external IP and then put an explicit ACL statement in allowing the DVR IP to the external IP on TCP port 5858.
What can I do at this point to make it work? Can I create a custom "Inspect"? The IP of the DVR is static if that makes any difference.
I'm not sure if you cn create a custom inspect or not (certainly would make sense that you can), but you could also use FTP inspection and change the inspection to port 5858. Here's a link on how to do that.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :