Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 230
  • Last Modified:

setup ip cam

Hi Experts,

I have IP cam which is working fine on LAN.

The problem is that I have a bit complex setup.

I have main router connected to WAN running own LAN 192.168.1.1 and then inside WIFI router connected to it with its own LAN 192.168.2.1

My IP cam obviously connected to WIFI router and has address 192.168.2.54

The problem is how do I access my IP CAM from outside [from WAN] ???

I am not experts in routing etc so need your guidance what to do here.

Thanks a lot.
0
fpoyavo
Asked:
fpoyavo
  • 6
  • 5
  • 3
  • +1
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
If you do not mind the camera on your main network, do the following:

1. Connect a LAN port on the Wi-Fi router to a LAN port on your network.
2. Give the Wi-Fi router a static IP on your network (say 192.168.1.10).
3. Turn DHCP OFF on the Wi-Fi router.

Now it is on the same network and now (assuming you can access your main network from outside) you can access the camera from outside.
0
 
fpoyavoAuthor Commented:
Ok I will try it but if it was on a different LAN could it be possible to do ?
0
 
arnoldCommented:
You first create a path from the (port forward) 192.168.1.x network router to the 192.168.2.54

Internet <=> (WAN side has IPexternal) router A (192.168.1.x/24 LAN) <=> (192.168.1.someip ) WRouter 1 ( 192.168.2.x/24 LAN)
On the Wrouter 1 with IP 192.168.1.someip (wan) side router
Port forward X which will mean connection to 192.168.1.someIP:Z will be translated to the 192.168.2.54:X

Now on your external Internet Facing Router you need to map port Y to 192.168.1.someip:Z

Port Y is the port that will be used externally i.e. connect to WAN side IPexternal port Y will actually translated through the first router to 192.168.1.someip:X which will in turn be translated on the second router to the IP camera's 192.168.2.54:X

Y and X can be the same or they can be different depending on what your routers allow.

i.e. you want external Y=1234
your camera port is 4321.
The intermediary Z can be anything else i.e. 3412
The path will be
IPexternal:1234 <=> Wrouter 1 on the 192.168.1.someip:3412 <=> 192.168.2.54:4321

Some cameras require two streams inbound auth and one data stream. If that is the case, you will need to bring this data stream port all the way out such that Y1 and X1 and likely Z1 have to be the same
IPexternal:X1 <=> Wrouter 1 on the 192.168.1.someip:X1 <=> 192.168.2.54:X1

Some cameras vendors provide a media streaming app such that you could instead of exposing your camera directly to the net use this media streaming application to aggregate the various streams from your setup i.e. IP cam, DVrs from the same manufacturer, etc. and present that to the outside.

The media streaming app uses the computer/system's local storage which is in addition to any storage available on the IP cam/DVRs.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
John HurstBusiness Consultant (Owner)Commented:
You can certainly have the Wi-Fi on a separate LAN but now you have to make an outside connection to it. If you also have an outside connection to the main LAN, that means two connections.

You can try Arnold's method above. I prefer simplicity and have one (highly) secured main network.
0
 
fpoyavoAuthor Commented:
John, your method did not help. I will try Arnold's but I am very skeptical that it may work.
0
 
fpoyavoAuthor Commented:
I tried mnaufacture provided sofware for android and it works only on LAN ... as soon as I disconnect from LAN no luck. Most likely it looks like DDNS the only option which I don't like and not due to a fee which is not a big deal but the whole idea to access it on my own. Too many parties already involved in it :)) router company, ip cam company and now DDNS ? You call it privacy ? :))) I would at least minimize it to 2 but not sure if its possible. I also tried VPN which does not work as well from Android phone was not able to get it work although I have a very decent routers .... not sure what these guys charging for.

I have CISCO small business and tried AnyConnect .... spent the whole day playing with different settings and nothing.
0
 
John HurstBusiness Consultant (Owner)Commented:
My method (one LAN) and an outside connection will surely work. I use a secure VPN connection but I can connect in from the outside.

So the issue here is connection, not one or two LAN's.

I use Cisco RVxxx VPN boxes and can connect that way.  I do not use AnyConnect, I use NCP Secure Entry (www.ncp-e.com).

It is not trivial and it is not free but it works.
0
 
arnoldCommented:
What did not work?
Are you able to access the IP cam while on a system on 192.168.1.x network?
My guess is currently as long as you are using a wifi connected device having and ip 192.168.2.x you can access the IP cam.

Look at the ip config, does it have two/three ports you need to know which port you want to extend out.

The DDNS does not know what you have behind it only registers your WAN ip to a HOST you preselect unless you use the ip cam's as a DDNS provider.
0
 
phil435Commented:
I use ip cam viewer on android and it works for many models of cameras. As long as you can reach the IP address/port you should be good.

Is there a need for two different subnets, just thought I would ask. What model of router and wireless router do you have? The wireless router will need an IP address that is in the same subnet as the main router on its wan port and then you can use pat on the wireless router to reach the second subnet. This all assumes you have home/smb routers. A little more detail on device models would be helpful.
0
 
John HurstBusiness Consultant (Owner)Commented:
As long as you can reach the IP address/port  <-- Of course, that Is the issue. If you do not want the host computer to be wide open, you need secure access to it (say VPN). So the issue is not really one or two LAN's, but remote access.
0
 
phil435Commented:
John, I agree with your statement. Is he wanting to use a VPN or is he using PAT? I made the assumption that he was port forwarding from the outside in and that is where his problem is.

I have cameras that I access on my Android by both VPN and PAT. Are you wanting to use VPN to access these? This will be the most secure but I want to make sure I understand your goal?8
0
 
fpoyavoAuthor Commented:
Well Phil, I goal was from the beginning to avoid VPN or DDNS and just to use my 2 routers as you can see.
0
 
fpoyavoAuthor Commented:
Again if I knew I will end up using VPN or DDNS I would not post this question here. That's what I have been trying for some time. AnyConnect ? Anyone had luck to install client certificate on Android ? Looks like bug in there no ?
0
 
phil435Commented:
I just use standard ipsec client on Android. I use ipsec xauth psk which is included on my maxx. This simulates the standard VPN client.

For some of my cameras I just do port forwarding and I don't worry about setting up a VPN connection.  Arnold's solution above will work for PAT it would just help to know what routers you are using and we can help build a config. Setup on a linkysys or any other home/smb wireless router may have limitations and different setup vs corporate. It all can be done in either case though. If indeed you want to keep different subnets then you need to get access to the cameras working from the 192.168.1.0 subnet before tackling the external. This is the first place that I would start. Does the wireless router use a wan port and is that what you are using to plug into the upstream router? The main router and wireless router need to have interfaces on the same subnet to get the routing between the two working unless this is a trunk between the wireless and main router.

The IP can viewer above has a free version you can try and works well. I just enter my external IP/port in the app and then let port forwarding do the rest.
0
 
John HurstBusiness Consultant (Owner)Commented:
Well Phil, I goal was from the beginning to avoid VPN or DDNS   <-- Exceedingly insecure. The same as leaving a full wallet out on the street.
0
 
fpoyavoAuthor Commented:
Hi guys, ok TAP worked. Thanks.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now