Viewing a security DVR from outside the LAN

Posted on 2008-10-31
Last Modified: 2012-05-05
One of my clients has just installed a security system with four cameras feeding into a Honeywell HRDP DVR.  The DVR connectes by Ethernet to a port on the office switch (a NetGear FSM726).  The switch, in turn, is connected to a Netopia 3347NWG DSL modem with DSL service through AT&T.

We can see the video feed from the other computers on the LAN by putting in the DVR's LAN IP in a web browser.  My issue is that I need to be able to have the video feed available to be monitored from an employee from their home (in case there is an alert or alarm at night on over the weekend).  I am not 100% sure how to go about this.

If I log into the Netopia, I see the Local WAN IP address and the remore gateway address.  I can also see the primary and secondary DNS addresses.  When I go over to IP Passthrough section of the Netopia setup, it is disabled, but I also do not see the DVR's IP address or name in the list of devices.
Question by:JoeBryce
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
LVL 32

Expert Comment

ID: 22856789

Typically your edge device (netopia) is doing NAT, so you must do port forwarding to the webserver builtin on the DVR on port 443
most times. SSL or port 443 uses encryption which is good for remote access, you don't want someone else using your DVR.

harbor235 ;}

Author Comment

ID: 22857121
So does that mean to access the DVR from outside the office LAN we simply use the IP of the edge device plus the port ( or do I have to do IP passthrough on the Netopia?  When I log in to the Netopia router in my list of devices to do a passthrough, I don't see the DVR.
LVL 32

Expert Comment

ID: 22857389

If you have overload nat setup then yes, you may have to setup the port forward to the inside though

on Cisco I would overload nat setup and I would add a translation to the inside ip, like this

static (inside,outside) tcp interface 443 netmask

inerface = outside interface
443 = https = inside IP

You may be doing this via gui

harbor235 ;}
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.


Expert Comment

ID: 22857585
JB, no problem, I've config'd a few of these bad boyz...
Q: Did at&t provide the acct a single or multiple (/29) IP?
Q: Is there an add'l router, firewall or switch attached to the netopia?
     Depending on your response to above Q's,Ii would likely recommend ip passthrough mode.  This would essentially place the CCTV/DVR system in the DMZ.

Author Comment

ID: 22857615

I am not sure about the number of IPs provided by AT&T.  I will have to check on that.

The Netopia is connected on one end to the Internet via the DSL enabled phone line.  The other end of the Netopia connection is into the #1 port on a NetGear FSM726 switch.  The rest of my network (computers, printers, and DVR) attach to the FSM726 via the various other ports on the 726.

Expert Comment

ID: 22866842
How is the DVR WAN IP configured - with DHCP, a public IP, or private IP? If you are using a public IP - what is assoiated netmask?
At the Netopias LAN Discovery (ExpertModem > Troubleshoot > SystemStatus) or ARP section, does the router see the DVR attached?
This info will determine the best configuration to acceess the DVR via the net

Author Comment

ID: 22867435
When the DVR was set up, it was given a static IP on the LAN - with a subnet of  I do not know if there was a WAN option or not.

On LAN Discovery, the router does see the DVR on the correct LAN IP address, and it shows up correctly in the ARP table as well.

When looking at the WAN setup in the Netopia, it has a local address and a peer address, shows that NAT is on and that WAN users are unlimited.

Expert Comment

ID: 22868428
in order that you consistantly access the dvr via the internet - get/use a single static IP.  with at&t dsl, there is likely no add'l fee.
once you obtain a public statip ip address & the dvr is configure properly, the following steps will get the system online...
under ExpertMode, click "IP Maps > Configure > Advanced > IP Maps > Add @ Internal Address - enter 192.168.x.x & under External Address - enter your static ip > Submit > click Alert (!) > Save & Restart.

Author Comment

ID: 22876534
One last (hopefully) dumb question.

I talked to AT&T and I actual;ly have 8 static IPS on this account. through with .18 through .22 available for use.  I understand from your post above that I need to go in and map the DVR's internal IP to one of my 5 available external static IPs.  Is there a need to set a port, or include a port in the IP address when accessing from the outside, or will hitting strictly on that static IP be enough?

Accepted Solution

Press2Esc earned 250 total points
ID: 22880488
Due to the design limitations, you can NOT configure ports on the netopia using mulitple static IPs (MSIPs).  While configuring mulitple statics are more complicated, the config is primarily the same.  

At the Netopia menus, under ExpertMode, click > Configure > Advanced > IP Maps: Add for Internal Address & x.x.x.18 for the External Address > Submit...
For purposes of clarity, I would recommend configuring the DHCP Server (Advanced > DHCP Server) on the Netopia with a start to stop addresses of to, respectively.
Finally, set the stateful inspection params for your MSIPs.... click Security > Stateful Inspection > Exposed Addresses > Add: enter Start / End address to x.x.x.18 to x.x.x.22, respectively.  Click Submit > Alert (!) > Save & Restart.

On your DVR, configure the wan side ip to witha netmask of & (gateway) address.
your cctv should be viewable via x.x.x.18...

Author Closing Comment

ID: 31512136
Thanks so much.  It is up and running on the outside IP.

Expert Comment

ID: 24698121

I know this sound dumb but I been trying to configure my AT T DSL Router (Netopia 3000) with my CCTV Unit

Here are my setting Please Help

I have 5 static IP

DHCP Server Address: to

I can access my router thought this IP address

 I setup Pinholes as follows:
External Port start: 80
External Port End: 80
Internal Port 80

I also setup IP Maps

Internal IP Address:
External IP Address

DVR Static IP is as follows

Ip Address:
Sub Net Mask is:
Gateway is

Please Help. Thank you very Much

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question