Link to home
Start Free TrialLog in
Avatar of fpoyavo
fpoyavoFlag for United States of America

asked on

setup ip cam

Hi Experts,

I have IP cam which is working fine on LAN.

The problem is that I have a bit complex setup.

I have main router connected to WAN running own LAN 192.168.1.1 and then inside WIFI router connected to it with its own LAN 192.168.2.1

My IP cam obviously connected to WIFI router and has address 192.168.2.54

The problem is how do I access my IP CAM from outside [from WAN] ???

I am not experts in routing etc so need your guidance what to do here.

Thanks a lot.
Avatar of John
John
Flag of Canada image

If you do not mind the camera on your main network, do the following:

1. Connect a LAN port on the Wi-Fi router to a LAN port on your network.
2. Give the Wi-Fi router a static IP on your network (say 192.168.1.10).
3. Turn DHCP OFF on the Wi-Fi router.

Now it is on the same network and now (assuming you can access your main network from outside) you can access the camera from outside.
Avatar of fpoyavo

ASKER

Ok I will try it but if it was on a different LAN could it be possible to do ?
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You can certainly have the Wi-Fi on a separate LAN but now you have to make an outside connection to it. If you also have an outside connection to the main LAN, that means two connections.

You can try Arnold's method above. I prefer simplicity and have one (highly) secured main network.
Avatar of fpoyavo

ASKER

John, your method did not help. I will try Arnold's but I am very skeptical that it may work.
Avatar of fpoyavo

ASKER

I tried mnaufacture provided sofware for android and it works only on LAN ... as soon as I disconnect from LAN no luck. Most likely it looks like DDNS the only option which I don't like and not due to a fee which is not a big deal but the whole idea to access it on my own. Too many parties already involved in it :)) router company, ip cam company and now DDNS ? You call it privacy ? :))) I would at least minimize it to 2 but not sure if its possible. I also tried VPN which does not work as well from Android phone was not able to get it work although I have a very decent routers .... not sure what these guys charging for.

I have CISCO small business and tried AnyConnect .... spent the whole day playing with different settings and nothing.
My method (one LAN) and an outside connection will surely work. I use a secure VPN connection but I can connect in from the outside.

So the issue here is connection, not one or two LAN's.

I use Cisco RVxxx VPN boxes and can connect that way.  I do not use AnyConnect, I use NCP Secure Entry (www.ncp-e.com).

It is not trivial and it is not free but it works.
What did not work?
Are you able to access the IP cam while on a system on 192.168.1.x network?
My guess is currently as long as you are using a wifi connected device having and ip 192.168.2.x you can access the IP cam.

Look at the ip config, does it have two/three ports you need to know which port you want to extend out.

The DDNS does not know what you have behind it only registers your WAN ip to a HOST you preselect unless you use the ip cam's as a DDNS provider.
I use ip cam viewer on android and it works for many models of cameras. As long as you can reach the IP address/port you should be good.

Is there a need for two different subnets, just thought I would ask. What model of router and wireless router do you have? The wireless router will need an IP address that is in the same subnet as the main router on its wan port and then you can use pat on the wireless router to reach the second subnet. This all assumes you have home/smb routers. A little more detail on device models would be helpful.
As long as you can reach the IP address/port  <-- Of course, that Is the issue. If you do not want the host computer to be wide open, you need secure access to it (say VPN). So the issue is not really one or two LAN's, but remote access.
John, I agree with your statement. Is he wanting to use a VPN or is he using PAT? I made the assumption that he was port forwarding from the outside in and that is where his problem is.

I have cameras that I access on my Android by both VPN and PAT. Are you wanting to use VPN to access these? This will be the most secure but I want to make sure I understand your goal?8
Avatar of fpoyavo

ASKER

Well Phil, I goal was from the beginning to avoid VPN or DDNS and just to use my 2 routers as you can see.
Avatar of fpoyavo

ASKER

Again if I knew I will end up using VPN or DDNS I would not post this question here. That's what I have been trying for some time. AnyConnect ? Anyone had luck to install client certificate on Android ? Looks like bug in there no ?
I just use standard ipsec client on Android. I use ipsec xauth psk which is included on my maxx. This simulates the standard VPN client.

For some of my cameras I just do port forwarding and I don't worry about setting up a VPN connection.  Arnold's solution above will work for PAT it would just help to know what routers you are using and we can help build a config. Setup on a linkysys or any other home/smb wireless router may have limitations and different setup vs corporate. It all can be done in either case though. If indeed you want to keep different subnets then you need to get access to the cameras working from the 192.168.1.0 subnet before tackling the external. This is the first place that I would start. Does the wireless router use a wan port and is that what you are using to plug into the upstream router? The main router and wireless router need to have interfaces on the same subnet to get the routing between the two working unless this is a trunk between the wireless and main router.

The IP can viewer above has a free version you can try and works well. I just enter my external IP/port in the app and then let port forwarding do the rest.
Well Phil, I goal was from the beginning to avoid VPN or DDNS   <-- Exceedingly insecure. The same as leaving a full wallet out on the street.
Avatar of fpoyavo

ASKER

Hi guys, ok TAP worked. Thanks.