How to access ip camer and dvr in lan network behind cisco router 2811

I want to access Dlink 6620g wireless ip camera and 24 port dvr from outside in lan network.

IP camera address is http://192.168.11.21:8081/ and dvr address is http://192.168.11.20:8084.

Router wan and lan config is as under
interface FastEthernet0/0
 description WAN port
 ip address 220.227.159.117 255.255.255.252
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Internal LAN$ES_LAN$
 ip address 192.168.11.10 255.255.255.0 secondary
 ip address 172.16.0.2 255.255.255.252 secondary
 ip address 115.249.110.97 255.255.255.224
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 duplex auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 220.227.159.118
!
ip flow-export version 5
ip flow-export destination 115.249.110.100 2055
!
ip http server
ip http authentication local
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
!
access-list 7 permit 192.168.11.0 0.0.0.255
snmp-server community private RW

please provide the command to access camera from outside from lan network and so i can access from mobile network also
Thanks
ManojtanwarAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RafaelCommented:
You would have to create a NAT rule to allow that.

[i]HTH
-Rafael[/i]
0
ManojtanwarAuthor Commented:
Please provide example
0
Katrach0System AdminCommented:
Do you have a Cisco Firewall in place, it's much easier.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

JustInCaseCommented:
Since you need to acces from the same device to two different hosts in inside network:

ip nat inside source static udp 192.168.11.21 8081 80 220.227.159.117 8081 extendable
ip nat inside source static udp 192.168.11.20 8084 80 220.227.159.117 8084 extendable

http://220.227.159.117:8081 - to access IP camera
http://220.227.159.117:8084 - to access DVR
0
ManojtanwarAuthor Commented:
Router(config)#$ 192.168.11.21 8081 80 220.227.159.117 8081 extendable
ip nat inside source static udp 192.168.11.21 8081 80 220.227.159.117 8081 exten
                                                     ^dable

% Invalid input detected at '^' marker.
 
shows error

what to do
0
JustInCaseCommented:
Try command without "inside":
ip nat source static udp 192.168.11.21 8081 80 220.227.159.117 8081 extendable

What is response from router when
ip nat inside source static udp ?
is entered?
0
ManojtanwarAuthor Commented:
ip nat source static udp 192.168.11.21 8080 80 220.227.159.117 8080 extendable
                                              ^
% Invalid input detected at '^' marker.

still error
0
JustInCaseCommented:
Ask router for information what are allowed parameters
:)
ip nat inside ?

ip nat inside source ?
0
ManojtanwarAuthor Commented:
I also change my camer port to 8081 to 8080
0
ManojtanwarAuthor Commented:
Router(config)#ip nat inside ?
  destination  Destination address translation
  source       Source address translation

Router(config)#ip nat inside source ?
  list       Specify access list describing local addresses
  route-map  Specify route-map
  static     Specify static local->global mapping
0
ManojtanwarAuthor Commented:
IP camera configuration
  HTTP port  8080
Streaming
  UDP audio channel port  5002
  UDP video channel port  5003
0
JustInCaseCommented:
ip nat inside source static ?

ip nat inside source static  udp ?

go on until you hit dead end...
0
ManojtanwarAuthor Commented:
Router(config)#ip nat inside source static ?                                            
  A.B.C.D  Inside local IP address                                  
  esp      IPSec-ESP (Tunnel mode) support                                          
  network  Subnet translation                            
  tcp      Transmission Control Protocol                                        
  udp      User Datagram Protocol                                

Router(config)#ip nat inside source static udp ?                                                
  A.B.C.D  Inside local IP address                                  

Router(config)#ip nat inside source static udp 192.168.11.21 ?                                                              
  <1-65535>  Local UDP/TCP port                              

Router(config)#ip nat inside source static udp 192.168.11.21 8080 ?                                                                  
  A.B.C.D    Inside global IP address                                    
  interface  Specify interface for global address

Router(config)#$de source static udp 192.168.11.21 8080 220.227.159.117 ?
  <1-65535>  Global UDP/TCP port

Router(config)#$de source static udp 192.168.11.21 8080 220.227.159.117 8080 ?
  extendable  Extend this translation when used
  mapping-id  Associate a mapping id to this mapping
  no-alias    Do not create an alias for the global address
  no-payload  No translation of embedded address/port in the payload
  redundancy  NAT redundancy operation
  route-map   Specify route-map
  vrf         Specify vrf
  <cr>

Router(config)#$static udp 192.168.11.21 8080 220.227.159.117 8080 extendable

but still not access the camera
0
JustInCaseCommented:
So ... you created port forward on router
If your IP address really is 220.227.159.117 - port 8080 is open
:)
And also - you should not show your real IP address.
0
ManojtanwarAuthor Commented:
ok thanks i will not show the real ip but i still not access the camera.  i have static ip pool. in the series 115.xxx.xxx.xxx can i forward one static ip to internal ips like

ip nat inside source static 192.168.11.21 8080 115.xxx.xxx.xxx 8080 extendable

or provide the right one
thanks
0
JustInCaseCommented:
That is port forward.
All traffic that hits 115.x.x.x on port 8080 will be forwarded to 192.168.11.21 on port 8080.
That's right one.
Access to camera and DVR can be some other problem (access-lists? etc).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ManojtanwarAuthor Commented:
still no  success i open both port tcp and udp on this static ip to local ip on 8080 port but still not access camera


what to do ?
0
JustInCaseCommented:
From here you can check is WAN port open. Currently port 8080 is closed, it was open before, I guess that you have changed WAN port for access.
0
ManojtanwarAuthor Commented:
how to open this port on router tell me the command

thanks
0
JustInCaseCommented:
You have the command.
ip nat inside source static 192.168.11.21 8080 115.xxx.xxx.xxx 8080 extendable

You probably have some other issue - firewall or something else is preventing you from using port forward.
Your port was open at one moment - so, you can reach conclusion yourself.

You can test on link that I gave you above
188.2.249.63 port 81
that's current ip of my home router - port 81 is redirected to port 80 by command

ip nat inside source static tcp 192.168.0.99 80 188.2.249.63 81 extendable

Also you can see that on http://188.2.249.63 port 80 you'll be asked for credentials - it is Cisco router, and on http://188.2.249.63:81 will give you nothing since there is no web server on my computer.

And, please, when you check post some comment to kill http server on cisco router :)
0
ManojtanwarAuthor Commented:
I give a public ip to tp link load balancing router 670. in the series of 115.xxx.xxx.106. and do port forward on this router. I access camera from outside network until i use internet through this load balancing router. even i can access the from my 3g network through ip cam viewer lite

when i switch to cisco router in the local ip 192.168.11.X but i cannot access the camera from out side.

then i tracert 115.XXX.XXX.106.

 C:\Users\Mukul_2>tracert 115.xxx.xxx.106

Tracing route to 115.249.110.106 over a maximum of

  1     1 ms     1 ms     1 ms  115.XXX.XXX.97
  2     *        *        *     Request timed out. and os on

when i route through tp link router tracert is

Tracing route to 115.xxx.xxx.106 over a maximum of 30 hops

  1     3 ms     1 ms     1 ms  192.168.0.1
  2     2 ms     2 ms     2 ms  115.xxx.xxx.106

Trace complete.
now tell what permission i have to give in cisco router to enable trafic

thanks
0
JustInCaseCommented:
Since you have generic description on Fa0/1,

interface FastEthernet0/1
 description Internal LAN$ES_LAN$

I guess that you have firewall configured with Cisco Configuration Professional and that's where problem is, so I guess that you need to change your firewall configuration to make it work.
0
ManojtanwarAuthor Commented:
I take one more router cisco 2811 and give a local ip to my computer 192.168.11.18 and i want to remote desktop from outer side for checking. But it still not working please tell me where i am wrong. i cannot access the pc from 115.xxx.xxx.106 ip from internet.

description WAN PORT
 ip address 220.XXX.XXX.117 255.XXX.XXX.252
 ip nat outside
 duplex auto
 speed auto

interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0 secondary
 ip address 115.XXX.XXX.97 255.XXX.XXX.224
 ip nat inside
 duplex auto
 speed auto
Ip classless
ip route 0.0.0.0 0.0.0.0 220.XXX.XXX.118
no ip http server
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
ip nat inside source list 8 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.18 3389 115.249.110.106 3389 extendab
le

access-list 7 permit 192.168.11.0 0.0.0.255
access-list 8 permit 115.249.110.96 0.0.0.3
0
ManojtanwarAuthor Commented:
I also off the firewall and antivirus protection for some time and i also receive ping from outside and inside to ip 115.xxx.xxx.106. but i cannot remote desktop the pc and nor access the ip camera and other device
0
JustInCaseCommented:
I have just tried remote desktop to 115.249.110.106 and ...
RDP.JPGLooks like it is working.
0
ManojtanwarAuthor Commented:
yea its working but when i am access from anohter network like my phone 3g and we have another lease line. but what happen when access 115.xxx.xxx.106:8080 or 3389 from the same network i cant. it want say that from same network u can open camera from local address or some acl problem or anything else. or same network port forwarding not happen.
0
JustInCaseCommented:
Since port forward is working, and devices are accessible from internet - check you ACLs, firewalls and configuration of end device whatever you need to do to make it work.
I have no idea what you security configuration is on your network devices, or what is configuration of end devices (firewall, default gateways etc)... Maybe you need to have 2 steams on you CCTV, I don't know that...
I don't mean to be rude, but this is the way you access your devices behind Cisco router. That was your original question that I am helping you to solve.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.