Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k

static nat & public IP on inside interface.

Hello Guys,

I am facing some issue related to static nat please provide your replies. let me explain the scenario.

  1. At site we have 4 cameras connected on switch and NVR (network video recorder) also connected on the same switch.
  2. Locally at site we are able to access the four cameras via http/web and also through NVR software .
  3. In order to access this cameras from remote location, we did static natting in router with pubic ip address for this cameras private IP address. Find nat table below.
  4. At remote site/from internet when we are adding the cameras in NVR software using public IP address. Later automatically public IP address resolving into private IP address.
  5. We are able to access cameras individually using http://<public ip address for camera> but when we try to add it in INVR software its changing public ip address to private.

Camera Name

Private IP address

Public IP address

Camera 1

192.168.1.3

xx. x8.23.115

Camera 2

192.168.1.4

xx.x8.23.116

Camera 3

192.168.1.5

xx.x8.23.117

Camera 4

192.168.1.6

xx.x8.23.118

 

Below is the configuration for the router. I am concerned about the public IP address which is assigned on internal/LAN interface instead of outisde interface by ISP. In other project i experienced Public IP address is at outside interface and private is at inside interface and we do static nat for inside to outside interface.
 

But here when i access the cameras through public IP individually its working but not when i am adding this public IP in NVR software. May be something is wrong with static.

interface GigabitEthernet0/0.1
 encapsulation dot1Q 868
 ip address 172.20.38.26 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 212.x.x.113 255.255.255.240                       (its a public IP address)
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto

ip nat inside source list 10 pool SLT overload
ip nat inside source static 192.168.1.3 x.x.23.115
ip nat inside source static 192.168.1.4 x.x.23.116
ip nat inside source static 192.168.1.5 x.x.23.117
ip nat inside source static 192.168.1.6 x.x.23.118

ip route 0.0.0.0 0.0.0.0 172.20.38.25
!
access-list 10 permit 192.168.1.0 0.0.0.255

ip nat translation tcp-timeout 1000
ip nat translation udp-timeout 1000
ip nat pool SLT xx.xx.23.114 xx.xx.23.114 netmask 255.255.255.240
ip nat inside source list 10 pool SLT overload

 

Please advise on the above configuration. Your help in the above regard will be highly appreciated.

 

Many Thanks in Advance.

 

 

1 REPLY

It is a bit odd to see the

It is a bit odd to see the IPv4 address assigned this way. (Putting it on a Loopback would be a more elegant approach if the ISP is using private addresses for the WAN link.) But, there's nothing in here that would cause the NAT to fail. I suspect that the cameras are doing an HTTP redirect to their private IPv4 addresses at some point and this is causing your software to switch.

With this configuration, there's no reason why you can't just put the cameras directly on the public addresses and forego the NAT entirely. If there is a redirect going on, they will redirect to the correct IPv4 address and things will still work.

917
Views
0
Helpful
1
Replies
CreatePlease to create content