DVR Web server

Discussion in 'Cisco' started by instauratio, Jul 29, 2004.

  1. instauratio

    instauratio Guest

    I recently installed a DVR surveillance system. It's basically
    a computer with a digital video capture card and
    web server/thin client software.

    I'm supposed to be able to view the video over the
    internet. Indeed, I have been able to see the video using
    internet Explorer from within the network. But, because
    of the firewall, I have not been able to see it from the
    outside.

    I have been feaverishly reading about pix configuration, and
    am learning a lot. I have also acquired a sniffer to look at
    the protocols and traffic for this DVR, so that I can open
    a hole specific to the traffic. However, I'm kind of a
    slow learner and I need to get this going very soon.

    Is it possible that what i want is easy, and I'm just missing
    something simple?

    I have made some additions in my attempts as I indicate
    within the file pasted.

    I'm trying very hard to learn and I am enjoying
    the process and new found knowledge, but time is
    getting the best of me. *Any* help would be greatly
    appreciated!

    (also interested in feedback on the current
    configuration overall, thanks!)

    Pertinent information:

    The DVR server/computer has been assigned 192.168.4.16
    I've given this a static address translation of xx.xx.50.233 for
    the outside access.

    The DVR allows for me to assign a port number to the
    application. They recommend 3002. I have followed their
    recommendation.


    cispix# sh conf
    : Saved
    : Written by enable_15 at 09:21:56.569 UTC Wed Feb 25 2004
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100

    hostname cispix
    domain-name ciscopix.com
    fixup protocol esp-ike
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    access-list outside permit icmp any any
    access-list outside permit tcp any host xx.xx.50.231 eq pop3
    access-list outside permit tcp any host xx.xx.50.231 eq smtp
    access-list outside permit tcp any host xx.xx.50.231 eq www
    access-list outside permit tcp any host xx.xx.50.229 eq www
    access-list outside permit udp any host xx.xx.50.228 eq isakmp
    access-list outside permit tcp any host xx.xx.50.228 eq 1701
    access-list outside permit udp any host xx.xx.50.228 eq netbios-ns
    access-list outside permit udp any host xx.xx.50.228 eq netbios-dgm
    access-list outside permit tcp any host xx.xx.50.232 eq www
    access-list outside permit ip host xx.xx.238.207 xx.xx.50.224 255.255.255.224
    access-list outside permit ip host xx.xx.238.232 xx.xx.50.224 255.255.255.224
    access-list outside permit esp host xx.xx.238.207 xx.xx.50.224 255.255.255.224
    access-list outside permit esp host xx.xx.238.232 xx.xx.50.224 255.255.255.224
    access-list outside permit udp any xx.xx.50.224 255.255.255.254 eq isakmp
    access-list outside permit esp any xx.xx.50.224 255.255.255.254
    access-list outside permit gre any host xx.xx.50.228
    access-list outside permit esp any host xx.xx.50.228
    access-list outside permit tcp any host xx.xx.50.224 eq pptp
    access-list outside permit tcp any host xx.xx.50.228 eq pptp
    access-list outside permit tcp any host xx.xx.50.231 eq https

    I added this line:
    access-list outside permit tcp any host xx.xx.50.233 eq www

    pager lines 24
    logging on
    logging trap informational
    logging host inside 192.168.4.11
    mtu outside 1500
    mtu inside 1500
    ip address outside xx.xx.50.227 255.255.255.224
    ip address inside 192.168.4.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.4.11 255.255.255.255 inside
    pdm location 192.168.4.12 255.255.255.255 inside
    pdm location 192.168.4.13 255.255.255.255 inside
    pdm location 192.168.4.14 255.255.255.255 inside
    pdm location 192.168.4.15 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 xx.xx.50.254
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) xx.xx.50.228 192.168.4.11 netmask 255.255.255.255 0 0
    static (inside,outside) xx.xx.50.229 192.168.4.14 netmask 255.255.255.255 0 0
    static (inside,outside) xx.xx.50.230 192.168.4.12 netmask 255.255.255.255 0 0
    static (inside,outside) xx.xx.50.231 192.168.4.13 netmask 255.255.255.255 0 0
    static (inside,outside) xx.xx.50.232 192.168.4.15 netmask 255.255.255.255 0 0

    I added this line:
    static (inside,outside) xx.xx.50.233 192.168.4.16 netmask 255.255.255.255 0 0

    access-group outside in interface outside
    route outside 0.0.0.0 0.0.0.0 xx.xx.50.225 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.4.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 192.168.4.0 255.255.255.0 inside
    telnet timeout 10
    ssh timeout 5
    console timeout 0
    terminal width 80
    cispix#
     
    instauratio, Jul 29, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Retail_addict
    Replies:
    3
    Views:
    700
  2. Pedro Simoes
    Replies:
    0
    Views:
    988
    Pedro Simoes
    Nov 24, 2005
  3. eric the brave
    Replies:
    0
    Views:
    1,155
    eric the brave
    Mar 5, 2006
  4. nonewz_is_goodnewz

    How to set up a web server and email server

    nonewz_is_goodnewz, Feb 10, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    597
    oplante
    Feb 17, 2004
  5. Retail_addict
    Replies:
    5
    Views:
    628
    Vipul Patel
    Oct 21, 2005
Loading...

Share This Page