Manojtanwar
asked on
How to access ip camer and dvr in lan network behind cisco router 2811
I want to access Dlink 6620g wireless ip camera and 24 port dvr from outside in lan network.
IP camera address is http://192.168.11.21:8081/ and dvr address is http://192.168.11.20:8084.
Router wan and lan config is as under
interface FastEthernet0/0
description WAN port
ip address 220.227.159.117 255.255.255.252
ip flow egress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Internal LAN$ES_LAN$
ip address 192.168.11.10 255.255.255.0 secondary
ip address 172.16.0.2 255.255.255.252 secondary
ip address 115.249.110.97 255.255.255.224
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 220.227.159.118
!
ip flow-export version 5
ip flow-export destination 115.249.110.100 2055
!
ip http server
ip http authentication local
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
!
access-list 7 permit 192.168.11.0 0.0.0.255
snmp-server community private RW
please provide the command to access camera from outside from lan network and so i can access from mobile network also
Thanks
IP camera address is http://192.168.11.21:8081/ and dvr address is http://192.168.11.20:8084.
Router wan and lan config is as under
interface FastEthernet0/0
description WAN port
ip address 220.227.159.117 255.255.255.252
ip flow egress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Internal LAN$ES_LAN$
ip address 192.168.11.10 255.255.255.0 secondary
ip address 172.16.0.2 255.255.255.252 secondary
ip address 115.249.110.97 255.255.255.224
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 220.227.159.118
!
ip flow-export version 5
ip flow-export destination 115.249.110.100 2055
!
ip http server
ip http authentication local
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
!
access-list 7 permit 192.168.11.0 0.0.0.255
snmp-server community private RW
please provide the command to access camera from outside from lan network and so i can access from mobile network also
Thanks
ASKER
Please provide example
Do you have a Cisco Firewall in place, it's much easier.
Since you need to acces from the same device to two different hosts in inside network:
ip nat inside source static udp 192.168.11.21 8081 80 220.227.159.117 8081 extendable
ip nat inside source static udp 192.168.11.20 8084 80 220.227.159.117 8084 extendable
http://220.227.159.117:8081 - to access IP camera
http://220.227.159.117:8084 - to access DVR
ip nat inside source static udp 192.168.11.21 8081 80 220.227.159.117 8081 extendable
ip nat inside source static udp 192.168.11.20 8084 80 220.227.159.117 8084 extendable
http://220.227.159.117:8081 - to access IP camera
http://220.227.159.117:8084 - to access DVR
ASKER
Router(config)#$ 192.168.11.21 8081 80 220.227.159.117 8081 extendable
ip nat inside source static udp 192.168.11.21 8081 80 220.227.159.117 8081 exten
^dable
% Invalid input detected at '^' marker.
shows error
what to do
ip nat inside source static udp 192.168.11.21 8081 80 220.227.159.117 8081 exten
^dable
% Invalid input detected at '^' marker.
shows error
what to do
Try command without "inside":
ip nat source static udp 192.168.11.21 8081 80 220.227.159.117 8081 extendable
What is response from router when
ip nat inside source static udp ?
is entered?
ip nat source static udp 192.168.11.21 8081 80 220.227.159.117 8081 extendable
What is response from router when
ip nat inside source static udp ?
is entered?
ASKER
ip nat source static udp 192.168.11.21 8080 80 220.227.159.117 8080 extendable
^
% Invalid input detected at '^' marker.
still error
^
% Invalid input detected at '^' marker.
still error
Ask router for information what are allowed parameters
:)
ip nat inside ?
ip nat inside source ?
:)
ip nat inside ?
ip nat inside source ?
ASKER
I also change my camer port to 8081 to 8080
ASKER
Router(config)#ip nat inside ?
destination Destination address translation
source Source address translation
Router(config)#ip nat inside source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping
destination Destination address translation
source Source address translation
Router(config)#ip nat inside source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping
ASKER
IP camera configuration
HTTP port 8080
Streaming
UDP audio channel port 5002
UDP video channel port 5003
HTTP port 8080
Streaming
UDP audio channel port 5002
UDP video channel port 5003
ip nat inside source static ?
ip nat inside source static udp ?
go on until you hit dead end...
ip nat inside source static udp ?
go on until you hit dead end...
ASKER
Router(config)#ip nat inside source static ?
A.B.C.D Inside local IP address
esp IPSec-ESP (Tunnel mode) support
network Subnet translation
tcp Transmission Control Protocol
udp User Datagram Protocol
Router(config)#ip nat inside source static udp ?
A.B.C.D Inside local IP address
Router(config)#ip nat inside source static udp 192.168.11.21 ?
<1-65535> Local UDP/TCP port
Router(config)#ip nat inside source static udp 192.168.11.21 8080 ?
A.B.C.D Inside global IP address
interface Specify interface for global address
Router(config)#$de source static udp 192.168.11.21 8080 220.227.159.117 ?
<1-65535> Global UDP/TCP port
Router(config)#$de source static udp 192.168.11.21 8080 220.227.159.117 8080 ?
extendable Extend this translation when used
mapping-id Associate a mapping id to this mapping
no-alias Do not create an alias for the global address
no-payload No translation of embedded address/port in the payload
redundancy NAT redundancy operation
route-map Specify route-map
vrf Specify vrf
<cr>
Router(config)#$static udp 192.168.11.21 8080 220.227.159.117 8080 extendable
but still not access the camera
A.B.C.D Inside local IP address
esp IPSec-ESP (Tunnel mode) support
network Subnet translation
tcp Transmission Control Protocol
udp User Datagram Protocol
Router(config)#ip nat inside source static udp ?
A.B.C.D Inside local IP address
Router(config)#ip nat inside source static udp 192.168.11.21 ?
<1-65535> Local UDP/TCP port
Router(config)#ip nat inside source static udp 192.168.11.21 8080 ?
A.B.C.D Inside global IP address
interface Specify interface for global address
Router(config)#$de source static udp 192.168.11.21 8080 220.227.159.117 ?
<1-65535> Global UDP/TCP port
Router(config)#$de source static udp 192.168.11.21 8080 220.227.159.117 8080 ?
extendable Extend this translation when used
mapping-id Associate a mapping id to this mapping
no-alias Do not create an alias for the global address
no-payload No translation of embedded address/port in the payload
redundancy NAT redundancy operation
route-map Specify route-map
vrf Specify vrf
<cr>
Router(config)#$static udp 192.168.11.21 8080 220.227.159.117 8080 extendable
but still not access the camera
So ... you created port forward on router
If your IP address really is 220.227.159.117 - port 8080 is open
:)
And also - you should not show your real IP address.
If your IP address really is 220.227.159.117 - port 8080 is open
:)
And also - you should not show your real IP address.
ASKER
ok thanks i will not show the real ip but i still not access the camera. i have static ip pool. in the series 115.xxx.xxx.xxx can i forward one static ip to internal ips like
ip nat inside source static 192.168.11.21 8080 115.xxx.xxx.xxx 8080 extendable
or provide the right one
thanks
ip nat inside source static 192.168.11.21 8080 115.xxx.xxx.xxx 8080 extendable
or provide the right one
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
still no success i open both port tcp and udp on this static ip to local ip on 8080 port but still not access camera
what to do ?
what to do ?
From here you can check is WAN port open. Currently port 8080 is closed, it was open before, I guess that you have changed WAN port for access.
ASKER
how to open this port on router tell me the command
thanks
thanks
You have the command.
ip nat inside source static 192.168.11.21 8080 115.xxx.xxx.xxx 8080 extendable
You probably have some other issue - firewall or something else is preventing you from using port forward.
Your port was open at one moment - so, you can reach conclusion yourself.
You can test on link that I gave you above
188.2.249.63 port 81
that's current ip of my home router - port 81 is redirected to port 80 by command
ip nat inside source static tcp 192.168.0.99 80 188.2.249.63 81 extendable
Also you can see that on http://188.2.249.63 port 80 you'll be asked for credentials - it is Cisco router, and on http://188.2.249.63:81 will give you nothing since there is no web server on my computer.
And, please, when you check post some comment to kill http server on cisco router :)
ip nat inside source static 192.168.11.21 8080 115.xxx.xxx.xxx 8080 extendable
You probably have some other issue - firewall or something else is preventing you from using port forward.
Your port was open at one moment - so, you can reach conclusion yourself.
You can test on link that I gave you above
188.2.249.63 port 81
that's current ip of my home router - port 81 is redirected to port 80 by command
ip nat inside source static tcp 192.168.0.99 80 188.2.249.63 81 extendable
Also you can see that on http://188.2.249.63 port 80 you'll be asked for credentials - it is Cisco router, and on http://188.2.249.63:81 will give you nothing since there is no web server on my computer.
And, please, when you check post some comment to kill http server on cisco router :)
ASKER
I give a public ip to tp link load balancing router 670. in the series of 115.xxx.xxx.106. and do port forward on this router. I access camera from outside network until i use internet through this load balancing router. even i can access the from my 3g network through ip cam viewer lite
when i switch to cisco router in the local ip 192.168.11.X but i cannot access the camera from out side.
then i tracert 115.XXX.XXX.106.
C:\Users\Mukul_2>tracert 115.xxx.xxx.106
Tracing route to 115.249.110.106 over a maximum of
1 1 ms 1 ms 1 ms 115.XXX.XXX.97
2 * * * Request timed out. and os on
when i route through tp link router tracert is
Tracing route to 115.xxx.xxx.106 over a maximum of 30 hops
1 3 ms 1 ms 1 ms 192.168.0.1
2 2 ms 2 ms 2 ms 115.xxx.xxx.106
Trace complete.
now tell what permission i have to give in cisco router to enable trafic
thanks
when i switch to cisco router in the local ip 192.168.11.X but i cannot access the camera from out side.
then i tracert 115.XXX.XXX.106.
C:\Users\Mukul_2>tracert 115.xxx.xxx.106
Tracing route to 115.249.110.106 over a maximum of
1 1 ms 1 ms 1 ms 115.XXX.XXX.97
2 * * * Request timed out. and os on
when i route through tp link router tracert is
Tracing route to 115.xxx.xxx.106 over a maximum of 30 hops
1 3 ms 1 ms 1 ms 192.168.0.1
2 2 ms 2 ms 2 ms 115.xxx.xxx.106
Trace complete.
now tell what permission i have to give in cisco router to enable trafic
thanks
Since you have generic description on Fa0/1,
interface FastEthernet0/1
description Internal LAN$ES_LAN$
I guess that you have firewall configured with Cisco Configuration Professional and that's where problem is, so I guess that you need to change your firewall configuration to make it work.
interface FastEthernet0/1
description Internal LAN$ES_LAN$
I guess that you have firewall configured with Cisco Configuration Professional and that's where problem is, so I guess that you need to change your firewall configuration to make it work.
ASKER
I take one more router cisco 2811 and give a local ip to my computer 192.168.11.18 and i want to remote desktop from outer side for checking. But it still not working please tell me where i am wrong. i cannot access the pc from 115.xxx.xxx.106 ip from internet.
description WAN PORT
ip address 220.XXX.XXX.117 255.XXX.XXX.252
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.11.1 255.255.255.0 secondary
ip address 115.XXX.XXX.97 255.XXX.XXX.224
ip nat inside
duplex auto
speed auto
Ip classless
ip route 0.0.0.0 0.0.0.0 220.XXX.XXX.118
no ip http server
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
ip nat inside source list 8 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.18 3389 115.249.110.106 3389 extendab
le
access-list 7 permit 192.168.11.0 0.0.0.255
access-list 8 permit 115.249.110.96 0.0.0.3
description WAN PORT
ip address 220.XXX.XXX.117 255.XXX.XXX.252
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.11.1 255.255.255.0 secondary
ip address 115.XXX.XXX.97 255.XXX.XXX.224
ip nat inside
duplex auto
speed auto
Ip classless
ip route 0.0.0.0 0.0.0.0 220.XXX.XXX.118
no ip http server
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
ip nat inside source list 8 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.18 3389 115.249.110.106 3389 extendab
le
access-list 7 permit 192.168.11.0 0.0.0.255
access-list 8 permit 115.249.110.96 0.0.0.3
ASKER
I also off the firewall and antivirus protection for some time and i also receive ping from outside and inside to ip 115.xxx.xxx.106. but i cannot remote desktop the pc and nor access the ip camera and other device
ASKER
yea its working but when i am access from anohter network like my phone 3g and we have another lease line. but what happen when access 115.xxx.xxx.106:8080 or 3389 from the same network i cant. it want say that from same network u can open camera from local address or some acl problem or anything else. or same network port forwarding not happen.
Since port forward is working, and devices are accessible from internet - check you ACLs, firewalls and configuration of end device whatever you need to do to make it work.
I have no idea what you security configuration is on your network devices, or what is configuration of end devices (firewall, default gateways etc)... Maybe you need to have 2 steams on you CCTV, I don't know that...
I don't mean to be rude, but this is the way you access your devices behind Cisco router. That was your original question that I am helping you to solve.
I have no idea what you security configuration is on your network devices, or what is configuration of end devices (firewall, default gateways etc)... Maybe you need to have 2 steams on you CCTV, I don't know that...
I don't mean to be rude, but this is the way you access your devices behind Cisco router. That was your original question that I am helping you to solve.
[i]HTH
-Rafael[/i]