
PIX Firewall with port 9999

agnelo
Level 1

Hello

We have recently installed a PIX Firewall. Everything seems to be working fine (HTTP, FTP, etc.). There is one application which uses a Pelco device (video camera devices). The application uses TCP port 9999 (to talk to the host) and the port from the client changes from 2800-3000.

Need to fix this problem urgently

Thanks

Agnelo

4 Replies

nkhawaja
Cisco Employee

Hi Agnelo,

I am still not sure what the problem is, since it has not been described properly. Is the client not able to connect? Is the video device not able to connect? Where is the client, inside or outside?

Thanks

Nadeem

Hi Nadeem

There is a Pelco video camera (DX7000) device which allows the real-time view of all the cameras which are connected to this device.

To view the real-time frames, the client uses S/W (again supplied by Pelco), connects to the DX7000 device (which has an IP address) and views the frames.

When there was no PIX firewall all the clients were able to view the camera snapshots from inside the network and also from the Internet.

After installing the PIX, users inside the network are able to see the camera snapshots but the users from the Internet cannot view the frames. The client uses TCP port 9999 to contact the host (i.e. DX7000) and the client uses random TCP port nos. starting from 2800-2900.

Agnelo

I suggest you create a static mapping from the internet to your inside network (where your device is placed) and open TCP port 9999 for inbound connections from the internet (outside) to inside.

You have to use static mapping for it and then allow the appropriate traffic from clients (any) to the specific public IP and TCP port using an access-list applied to the outside interface of your PIX.

(Clients from the internet will use this IP address and port 9999 to connect to your Pelco device.)

Hi ralli

Thanks for the reply. But there is no NAT configured on the firewall and even the device (DX7000) has a valid IP address. There is also an FTP server in the DMZ, and I am using an access-list to let the traffic reach the FTP server.

I have also used an access-list to allow the traffic. But it is not working.

Agnelo
