Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

How do I access a network camera from internet via 501

Please understand that I am nowhere near being a network guru and I'm even farther away from being a PIX guru.

I have a 501 PIX between my home network and the outside internet. The PIX is connected to a cable modem and pretty much keeps the same DHCP IP address as assigned by the ISP. I have an AXIS 207 IP camera connected to my home network on IP For the sake of illustration say the address assigned by my cable ISP is

What I need to do is to access the camera from the internet. To do that I suppose I need to add some instructions to the PIX configuration but I don't know where to start...I have never even thought about communicating with devices on my home network through the internet. Can someone please provide some pointers or better yet the commands I need to add. The next question is how do I access the camera assuming the PIX is all set up. I don't think I use the camera's address and I don't know how the ISP address would get to a specific device such as the camera - maybe appending a port number or whatever to the IP address I type when trying to access the camera from the internet?

The way the camera works on the internal network is you type in it's IP address in a browser window and the camera opens up a web page just like any url and the video is streamed to a window in the web page.

I hope I've provided enough info to understand what I'm trying to do and I would be most appreciative for any help.


New Member

Re: How do I access a network camera from internet via 501


The PIX can be configured to translate ports destined to a single global IP address to your internal camera.


You can use port redirection (static PAT) to accomplish this.


Address from ISP:

Camera IP Address:

PIX commands are shown below.

static (inside,outside) tcp 80 80 netmask

!--- Now that the port redirection is defined, you need

!--- to allow inbound access via an access list.

access-list inbound permit tcp any host eq 80

access-group inbound in interface outside

!--- Finally, then you need to do PAT on the static address.

nat (inside) 1

global (outside) 1

Please rate if this helps, also I would make sure you camera has a user name + password on.

Regards MJ

New Member

Re: How do I access a network camera from internet via 501

Thanks for the answer...I will install the changes and report back with the results

New Member

Re: How do I access a network camera from internet via 501

I tried installing the commands as provided but am running into issues. Here are the error messages:

pixfirewall(config)# nat (inside) 1

ERROR: Duplicate NAT entry

ERROR: fail to insert nat entry

pixfirewall(config)# global (outside) 1

ERROR: overlaps with outside interface address


And here is a copy of my current configuration (including the code prior to entering the changes and the successful changes). Any Idea what needs to be done to fix things?


Building configuration...

: Saved


PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxx

passwd xxx

hostname pixfirewall


clock timezone CST -6

clock summer-time CDT recurring

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69


access-list 100 permit icmp any any echo-reply

access-list 100 permit icmp any any time-exceeded

access-list 100 permit icmp any any unreachable

access-list inbound permit tcp any host eq www

pager lines 24

logging timestamp

logging trap informational

logging host inside

icmp deny any echo outside

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside

ip audit info action alarm

ip audit attack action alarm

pdm location inside

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0 0

static (inside,outside) tcp www www netmask 0 0

access-group inbound in interface outside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication http console LOCAL

aaa authentication telnet console LOCAL

aaa authentication serial console LOCAL

aaa authentication enable console LOCAL

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet inside

telnet timeout 15

ssh timeout 5

console timeout 0

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

username administrator password xxx privilege 15

terminal width 80


: end


CreatePlease to create content