Need to Access a network camera on internal network from external network

Posted on 2008-09-29
Last Modified: 2012-06-27
I have a network camera in my test fixture area that I would like a customers to be able to view.  The camera is set for port 80.  I have tried port forwarding by typing the following:

static (inside,outside2) tcp interface 80 80 netmask
access-list outside_access_in permit tcp any interface outside eq 80

I still cannot access camera from outside network.  Any suggesions would be greatly appreciated.
Question by:krhoades7601
  • 4
  • 3
  • 3
  • +3
LVL 13

Expert Comment

ID: 22602025
You'll probably need to post the entire config to determine what the problem is.
Of course, redact public IPs and any other sensitive info.
LVL 32

Expert Comment

by:Kamran Arshad
ID: 22602038

Expert Comment

ID: 22602469
192 is a internal number only. You are going to have to have a NAT address that points to that internal address. You will need to use that NAT address to reach the camera from an external network. 192 class numbers are not valid external network or internet ip addresses. You can do a reverse IP lookup or contact your internet provider to find out what the NAT address is.
LVL 79

Expert Comment

ID: 22602562
The static and the access-list are correct.
Check the default gateway setup on the camera
LVL 12

Expert Comment

ID: 22602720
I've got to ask, but can you access the camera from the inside network?

Author Comment

ID: 22603849
I checked the default gateway of the camera and it is set properly.  I can access the network internally by typing in my browser and it comes up.  I will supply a copy of the running configuration once I get to work.  Thank you for the response.  Hopefully, I can get this working today.
LVL 79

Expert Comment

ID: 22604803
static (inside,outside2)
You have multiple outside interfaces?
I'm curious to see the running config to see where your firewall's default route goes...
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.


Expert Comment

ID: 22604896
if your trying to type a 192 class # from the internet to see your camera it will never work!
LVL 12

Expert Comment

ID: 22605602
That is right - make sure you are accessing with your public IP address: you can find it by going to and looking at the top of the screen.

Author Comment

ID: 22605699
Okay!  Below is my configuration.  Sorry it took me so long.  

ASA Version 7.2(4)
hostname portland
enable password
name 9..10.11.12 Dayton-Outside
name Dayton-Inside
name Trixbox
interface Vlan2
 nameif outside
 security-level 0
 ip address
 ospf cost 10
interface Vlan3
 nameif inside
 security-level 100
 ip address
 ospf cost 10
interface Vlan4
 nameif outside2
 security-level 0
 ip address
 ospf cost 10
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 3
interface Ethernet0/2
 switchport access vlan 4
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
banner motd
banner motd    #########################################################################
banner motd    #                                                                       #
banner motd    # This system is for the use of authorized users only. Individuals      #
banner motd    # using this computer system without authority, or in excess of their   #
banner motd    # authority, are subject to having all of their activities on this      #
banner motd    # system monitored and recorded by system personnel.                    #
banner motd    #                                                                       #
banner motd    # In the course of monitoring individuals improperly using this system, #
banner motd    # or in the course of system maintenance, the activities of authorized  #
banner motd    # users may also be monitored.                                          #
banner motd    #                                                                       #
banner motd    # Anyone using this system expressly consents to such monitoring and    #
banner motd    # is advised that if such monitoring reveals possible evidence of       #
banner motd    # criminal activity, system personnel may provide the evidence of such  #
banner motd    # monitoring to law enforcement officials.                              #
banner motd    #                                                                       #
banner motd    #########################################################################
banner motd
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
object-group service Port_4445 tcp
 port-object eq 4445
access-list inside_outbound_nat0_acl extended permit ip Dayton-Inside
access-list outside_cryptomap_20 extended permit ip Dayton-Inside
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit udp host eq ntp any eq ntp
access-list outside_access_in extended permit tcp any interface outside eq www
access-list priority-servers remark Add Here Destination Server IPs Requiring QoS
access-list priority-servers remark Including Both Local and Remote Servers
access-list priority-servers extended permit ip Dayton-Inside host
access-list priority-servers extended permit ip Dayton-Inside host
access-list priority-servers extended permit ip host
access-list priority-servers extended permit ip host
pager lines 24
logging enable
logging timestamp
logging buffer-size 10240
logging monitor warnings
logging buffered warnings
logging trap warnings
logging asdm notifications
logging mail critical
logging from-address
logging recipient-address level critical
logging device-id hostname
mtu outside 1500
mtu inside 1500
mtu outside2 1500
no failover
monitor-interface outside
monitor-interface inside
monitor-interface outside2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any outside2
asdm image disk0:/asdm-524.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside2) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1
static (inside,outside2) tcp interface www www netmask
access-group outside_access_in in interface outside
access-group outside_access_in in interface outside2
route outside2 1 track 1
route outside 254
timeout xlate 0:05:00
timeout conn 168:00:00 half-closed 0:10:00 udp 0:05:00 icmp 0:00:30
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http outside2
http outside
http inside
snmp-server host outside2 poll community 22vgX
no snmp-server location
no snmp-server contact
snmp-server community 22vgX
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho interface outside2
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec df-bit clear-df inside
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map 20 set security-association lifetime seconds 300
crypto map outside_map interface outside
crypto map outside_map interface outside2
crypto isakmp enable outside
crypto isakmp enable outside2
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
crypto isakmp nat-traversal  20
track 1 rtr 123 reachability
telnet Dayton-Inside inside
telnet inside
telnet timeout 10
ssh outside
ssh inside
ssh outside2
ssh timeout 60
console timeout 30

priority-queue outside
priority-queue inside
priority-queue outside2
ntp server
tftp-server inside portland
username kiwi password ASOXfjPZd36TNPQ0 encrypted privilege 15
username krhoades password LlrRyUI2rrVkfZ3L encrypted privilege 15
username cisco500 password NivFZqUgthCHah0J encrypted privilege 15
username lwasserman password KYuqqyXdd2qDeHmF encrypted privilege 15
username tims password 8woCmo9cVKF6J5Tx encrypted privilege 15
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 2
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *
 isakmp keepalive disable
class-map SIP
 description For SIP Ports
 match port udp range sip 5061
class-map SERVERS
 description For Critical Servers
 match access-list priority-servers
class-map IAX2
 description For IAX2 Support
 match port udp eq 4569
class-map inspection_default
 match default-inspection-traffic
class-map SIP-SUP
 description For SIP Support
 match port udp range 10000 20000
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp
  inspect icmp
policy-map QoS-Policy
 description Port_5038
 class SIP
 class IAX2
 class SIP-SUP
 class SERVERS
service-policy global_policy global
service-policy QoS-Policy interface outside
service-policy QoS-Policy interface inside
service-policy QoS-Policy interface outside2
prompt hostname context
: end
asdm image disk0:/asdm-524.bin
asdm location Dayton-Inside inside
asdm location Dayton-Outside outside
asdm location Dayton-Inside outside
asdm location Trixbox inside
asdm history enable
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 22605811
>access-list outside_access_in extended permit tcp any interface outside eq www

access-list outside_access_in extended permit tcp any interface outside2 eq www

Expert Comment

ID: 22605835
Once again. Are you trying to access this camera using the 192 address from a external network?
Once again. If you are then this WILL NOT WORK.

Author Closing Comment

ID: 31501419
Thank you soooo much!  You rock.  It finally works!!!!  Thank you Thank you Thank you!!!

Author Comment

ID: 22606128
I tested it from an outside network and it works!!!!  I am so happy!

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IP Calculator 10 55
CMDB relationships for hardware assets 2 24
SOFS cluser offline 3 39
CISCO ATA 190 using PRI DID number 6 20
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now