The idea: A client (camera) on the LAN should be able to connect to WAN IPs and WAN IPs should be able to connect to this client through our WAN IP. The problem: When connected to a WAN IP, they can see/hear us but we can't see/hear them.
Setup: A camera for video conference has its own LAN IP (10.18.16.251). For it to work, the following ports have to be opened; Single - 1720 UDP and TCP, Range - 3230 > 3243 TCP and Range - 3230 > 3285 UDP. For each of these ports I have added a single line in ip nat inside source static tcp 10.18.16.251 1720 WAN_IP 1720 extendable and so on.
Additional information: Router: Cisco 1841 IOS Version is 12.4(7d) IP Base SDM Version 2.5
Here's some relevant information from the running-config:
! interface FastEthernet0/0 description $ETH-LAN$ ip address 10.18.16.1 255.255.255.0 ip nbar protocol-discovery ip nat inside duplex auto speed auto ! interface FastEthernet0/1 description $ETH-WAN$ ip address WAN_IP 255.255.255.248 ip nbar protocol-discovery ip flow ingress ip flow egress ip nat outside duplex auto speed auto ! ip route 0.0.0.0 0.0.0.0 WAN_GATEWAY ! ip nat inside source list 10 interface FastEthernet0/1 overload ip nat inside source static tcp 10.18.16.251 1720 WAN_IP 1720 extendable (the coming rows are all the other ports in either tcp or udp as mentioned earlier in the post) ! access-list 10 permit 10.18.16.0 0.0.0.255 !
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...