Craig Walker
asked on
Opening a port..?
Hi,
I have setup a remote CCTV system at home and I'm having difficulty connecting remotley when I work away from home, I have checked my ports that are opened (see attached)
I have configured the CCTV software for http port: 80 and the media port for: 6871 also the static i.p. address I have setup for the CCTV is 192.168.3.30
Unfortunatley I can't connect remotley I have also setup my dns servers but still can't connect probably due to 6871 not being active.
I have a cisco asa 5505 firewall and I'm a little unsure how to configure this correctly Incase I screw It up.
I have a console cable to login and configure this at CLI and I also have the ASDM GUI interface software but this looks more daunting to be honest even though it looks good, On another point I also run a Cisco 800 router If you need to see the config for this then let me know as I can upload this as well if needed.
Any help would be greatly appreaciated with this
This is my firewall config below :-
--------------------------
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
access-list Controller_in extended permit tcp any interface outside eq www
access-list Controller_In extended permit tcp any interface outside eq www
pager lines 24
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.3.140 www netmask 255.255.255.255
access-group Controller_In in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-reco
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.3.5-192.168.3.36 inside
dhcpd dns 208.67.220.220 208.67.222.222 interface inside
dhcpd lease 28800 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:7085fe54a1d
: end
no asdm history enable
--------------------------
Port-Scan.odt
I have setup a remote CCTV system at home and I'm having difficulty connecting remotley when I work away from home, I have checked my ports that are opened (see attached)
I have configured the CCTV software for http port: 80 and the media port for: 6871 also the static i.p. address I have setup for the CCTV is 192.168.3.30
Unfortunatley I can't connect remotley I have also setup my dns servers but still can't connect probably due to 6871 not being active.
I have a cisco asa 5505 firewall and I'm a little unsure how to configure this correctly Incase I screw It up.
I have a console cable to login and configure this at CLI and I also have the ASDM GUI interface software but this looks more daunting to be honest even though it looks good, On another point I also run a Cisco 800 router If you need to see the config for this then let me know as I can upload this as well if needed.
Any help would be greatly appreaciated with this
This is my firewall config below :-
--------------------------
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
access-list Controller_in extended permit tcp any interface outside eq www
access-list Controller_In extended permit tcp any interface outside eq www
pager lines 24
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.3.140 www netmask 255.255.255.255
access-group Controller_In in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-reco
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.3.5-192.168.3.36 inside
dhcpd dns 208.67.220.220 208.67.222.222 interface inside
dhcpd lease 28800 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:7085fe54a1d
: end
no asdm history enable
--------------------------
Port-Scan.odt
Hi,
If skype installed on your system then try to exit and try.
Regards,
D Patel
If skype installed on your system then try to exit and try.
Regards,
D Patel
ASKER
Hi,
Sorry about the delayed response but I've was working away from home
I can recall something like port forwarding for my aquarium controller which was on 192.168.3.140 (static ip on port 80) but this port is opened by default.
I can see this on the firewall config do I just add the same line again only with the i.p ending 30 ?
static (inside,outside) tcp interface www 192.168.3.140 www netmask 255.255.255.255
Also this will still leave port 6871 closed so how do I open this up is this done on the router or firewall?
Thanks
Sorry about the delayed response but I've was working away from home
I can recall something like port forwarding for my aquarium controller which was on 192.168.3.140 (static ip on port 80) but this port is opened by default.
I can see this on the firewall config do I just add the same line again only with the i.p ending 30 ?
static (inside,outside) tcp interface www 192.168.3.140 www netmask 255.255.255.255
Also this will still leave port 6871 closed so how do I open this up is this done on the router or firewall?
Thanks
ASKER
Can i have a follow up on this please ???
Port forwarding is one on the router. See this link for the general walh-thru. You may need to refresh your understanding of your specific router.
http://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router
http://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router
ASKER
Hi,
Yes i understand how to configure port forwarding from a GUI interface but unfortunatley i have a cisco 877VA router and i will have to do this from the CLI in putty.
I really just want to know the command line i need to add this to my config then wri mem as i'm not fully up to speed with the cisco cli but can get round about it if i know what to add.
as an example 192.168.3.30 : 6871 but i need to know the command to add this.?
Yes i understand how to configure port forwarding from a GUI interface but unfortunatley i have a cisco 877VA router and i will have to do this from the CLI in putty.
I really just want to know the command line i need to add this to my config then wri mem as i'm not fully up to speed with the cisco cli but can get round about it if i know what to add.
as an example 192.168.3.30 : 6871 but i need to know the command to add this.?
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
This question is just to get the ball rolling and maybe someone else who knows this better than I can jump in here with a better answer.
Anyway, good luck with this.