Solved

setup ip cam

Posted on 2014-12-27
16
209 Views
Last Modified: 2014-12-28
Hi Experts,

I have IP cam which is working fine on LAN.

The problem is that I have a bit complex setup.

I have main router connected to WAN running own LAN 192.168.1.1 and then inside WIFI router connected to it with its own LAN 192.168.2.1

My IP cam obviously connected to WIFI router and has address 192.168.2.54

The problem is how do I access my IP CAM from outside [from WAN] ???

I am not experts in routing etc so need your guidance what to do here.

Thanks a lot.
0
Comment
Question by:fpoyavo
  • 6
  • 5
  • 3
  • +1
16 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 40520128
If you do not mind the camera on your main network, do the following:

1. Connect a LAN port on the Wi-Fi router to a LAN port on your network.
2. Give the Wi-Fi router a static IP on your network (say 192.168.1.10).
3. Turn DHCP OFF on the Wi-Fi router.

Now it is on the same network and now (assuming you can access your main network from outside) you can access the camera from outside.
0
 
LVL 1

Author Comment

by:fpoyavo
ID: 40520132
Ok I will try it but if it was on a different LAN could it be possible to do ?
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40520135
You first create a path from the (port forward) 192.168.1.x network router to the 192.168.2.54

Internet <=> (WAN side has IPexternal) router A (192.168.1.x/24 LAN) <=> (192.168.1.someip ) WRouter 1 ( 192.168.2.x/24 LAN)
On the Wrouter 1 with IP 192.168.1.someip (wan) side router
Port forward X which will mean connection to 192.168.1.someIP:Z will be translated to the 192.168.2.54:X

Now on your external Internet Facing Router you need to map port Y to 192.168.1.someip:Z

Port Y is the port that will be used externally i.e. connect to WAN side IPexternal port Y will actually translated through the first router to 192.168.1.someip:X which will in turn be translated on the second router to the IP camera's 192.168.2.54:X

Y and X can be the same or they can be different depending on what your routers allow.

i.e. you want external Y=1234
your camera port is 4321.
The intermediary Z can be anything else i.e. 3412
The path will be
IPexternal:1234 <=> Wrouter 1 on the 192.168.1.someip:3412 <=> 192.168.2.54:4321

Some cameras require two streams inbound auth and one data stream. If that is the case, you will need to bring this data stream port all the way out such that Y1 and X1 and likely Z1 have to be the same
IPexternal:X1 <=> Wrouter 1 on the 192.168.1.someip:X1 <=> 192.168.2.54:X1

Some cameras vendors provide a media streaming app such that you could instead of exposing your camera directly to the net use this media streaming application to aggregate the various streams from your setup i.e. IP cam, DVrs from the same manufacturer, etc. and present that to the outside.

The media streaming app uses the computer/system's local storage which is in addition to any storage available on the IP cam/DVRs.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40520139
You can certainly have the Wi-Fi on a separate LAN but now you have to make an outside connection to it. If you also have an outside connection to the main LAN, that means two connections.

You can try Arnold's method above. I prefer simplicity and have one (highly) secured main network.
0
 
LVL 1

Author Comment

by:fpoyavo
ID: 40520199
John, your method did not help. I will try Arnold's but I am very skeptical that it may work.
0
 
LVL 1

Author Comment

by:fpoyavo
ID: 40520202
I tried mnaufacture provided sofware for android and it works only on LAN ... as soon as I disconnect from LAN no luck. Most likely it looks like DDNS the only option which I don't like and not due to a fee which is not a big deal but the whole idea to access it on my own. Too many parties already involved in it :)) router company, ip cam company and now DDNS ? You call it privacy ? :))) I would at least minimize it to 2 but not sure if its possible. I also tried VPN which does not work as well from Android phone was not able to get it work although I have a very decent routers .... not sure what these guys charging for.

I have CISCO small business and tried AnyConnect .... spent the whole day playing with different settings and nothing.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40520335
My method (one LAN) and an outside connection will surely work. I use a secure VPN connection but I can connect in from the outside.

So the issue here is connection, not one or two LAN's.

I use Cisco RVxxx VPN boxes and can connect that way.  I do not use AnyConnect, I use NCP Secure Entry (www.ncp-e.com).

It is not trivial and it is not free but it works.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40520374
What did not work?
Are you able to access the IP cam while on a system on 192.168.1.x network?
My guess is currently as long as you are using a wifi connected device having and ip 192.168.2.x you can access the IP cam.

Look at the ip config, does it have two/three ports you need to know which port you want to extend out.

The DDNS does not know what you have behind it only registers your WAN ip to a HOST you preselect unless you use the ip cam's as a DDNS provider.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Expert Comment

by:phil435
ID: 40520448
I use ip cam viewer on android and it works for many models of cameras. As long as you can reach the IP address/port you should be good.

Is there a need for two different subnets, just thought I would ask. What model of router and wireless router do you have? The wireless router will need an IP address that is in the same subnet as the main router on its wan port and then you can use pat on the wireless router to reach the second subnet. This all assumes you have home/smb routers. A little more detail on device models would be helpful.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40520453
As long as you can reach the IP address/port  <-- Of course, that Is the issue. If you do not want the host computer to be wide open, you need secure access to it (say VPN). So the issue is not really one or two LAN's, but remote access.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40520458
John, I agree with your statement. Is he wanting to use a VPN or is he using PAT? I made the assumption that he was port forwarding from the outside in and that is where his problem is.

I have cameras that I access on my Android by both VPN and PAT. Are you wanting to use VPN to access these? This will be the most secure but I want to make sure I understand your goal?8
0
 
LVL 1

Author Comment

by:fpoyavo
ID: 40520492
Well Phil, I goal was from the beginning to avoid VPN or DDNS and just to use my 2 routers as you can see.
0
 
LVL 1

Author Comment

by:fpoyavo
ID: 40520495
Again if I knew I will end up using VPN or DDNS I would not post this question here. That's what I have been trying for some time. AnyConnect ? Anyone had luck to install client certificate on Android ? Looks like bug in there no ?
0
 
LVL 2

Expert Comment

by:phil435
ID: 40520514
I just use standard ipsec client on Android. I use ipsec xauth psk which is included on my maxx. This simulates the standard VPN client.

For some of my cameras I just do port forwarding and I don't worry about setting up a VPN connection.  Arnold's solution above will work for PAT it would just help to know what routers you are using and we can help build a config. Setup on a linkysys or any other home/smb wireless router may have limitations and different setup vs corporate. It all can be done in either case though. If indeed you want to keep different subnets then you need to get access to the cameras working from the 192.168.1.0 subnet before tackling the external. This is the first place that I would start. Does the wireless router use a wan port and is that what you are using to plug into the upstream router? The main router and wireless router need to have interfaces on the same subnet to get the routing between the two working unless this is a trunk between the wireless and main router.

The IP can viewer above has a free version you can try and works well. I just enter my external IP/port in the app and then let port forwarding do the rest.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40520552
Well Phil, I goal was from the beginning to avoid VPN or DDNS   <-- Exceedingly insecure. The same as leaving a full wallet out on the street.
0
 
LVL 1

Author Comment

by:fpoyavo
ID: 40520603
Hi guys, ok TAP worked. Thanks.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now