Yes the camera is on the inside of the PIX. Ok, I am fine with setting up the NAT for the camera that doesn't seem to be too hard. For the acl would the below do? Also, do I need to add the new public IP to outside interface, basically do I need to have multiple ips assigned to that one outside interface to make it work.
access-list outside_allowed_in permit tcp any host 64.207.xx.xxx eq 80
access-group outside_allowed_in in interface outside
No you don't need to assign the IP address to the outside interface assuming it is a different IP address than the one assigned to the outside interface. But the IP address you use must be
a) a public IP address routable on the Internet
b) the address must be routed to the outside interface of your pix - this ISP should be doing this for you.
access-list looks fine. Just be aware there is an implict deny at the end of any access-if list so if you need to allow any other connections from outside you need to allow them as well. Note this does not apply to return traffic from connections initiated from the inside ie. user internet surfing etc. This traffic will be allowed anyway.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...