Hi guys
Been trying several things over several days to get access to one of our security cameras on a private 192.168.47.0/24 network from the outside. Tried Nat and access-list.
The attached config shoes the latest NAT attempt for 192.168.47.39 (camera) which does not work.
I am calling the adsl address xx.xx.xx.xx:1026
Other cameras work via Linksys routers, but this one goes through a Cisco 2811. Please help before a complete loss of hair!
Thanks...........config below.
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret level 5 5 $1$yKkc$g.6PgZkwsdhk.TgktxbUW/
!
username testuser password 0 12345678
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
vpdn enable
!
vpdn-group ppoe
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
no ftp-server write-enable
!
!
interface FastEthernet0/0
ip address 192.168.47.1 255.255.255.0
ip access-group 101 in
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
ip nat outside
pvc 8/32
!
!
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
no ip redirects
ip route-cache flow
peer default ip address pool vpdnpptp
no keepalive
ppp authentication chap eap ms-chap ms-chap-v2 pap
!
ip local pool vpdnpptp 192.168.47.31 192.168.47.35
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface ATM0/0/0.1 overload
ip nat inside source static tcp 192.168.47.39 1026 interface FastEthernet0/0 1026
!
!
access-list 1 permit 192.168.47.0 0.0.0.255
access-list 101 deny tcp any any eq 1212
access-list 101 deny tcp any any eq 1213
access-list 101 deny tcp any any eq 6346
access-list 101 deny tcp any any eq 6347
access-list 101 deny tcp any any eq 1233
access-list 101 deny tcp any any eq 1234
access-list 101 deny tcp any any eq 1235
access-list 101 deny tcp any any eq 1214
access-list 101 deny udp any any eq 1214
access-list 101 permit ip any any
access-list 101 deny tcp any any gt 9000
!
!
!
control-plane
!
!
line con 0
password xxxxxx
login
line aux 0
line vty 0 4
password xxxxxx
login
!
scheduler allocate 20000 1000
sntp server 192.168.47.5
!
end
Been trying several things over several days to get access to one of our security cameras on a private 192.168.47.0/24 network from the outside. Tried Nat and access-list.
The attached config shoes the latest NAT attempt for 192.168.47.39 (camera) which does not work.
I am calling the adsl address xx.xx.xx.xx:1026
Other cameras work via Linksys routers, but this one goes through a Cisco 2811. Please help before a complete loss of hair!
Thanks...........config below.
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret level 5 5 $1$yKkc$g.6PgZkwsdhk.TgktxbUW/
!
username testuser password 0 12345678
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
vpdn enable
!
vpdn-group ppoe
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
no ftp-server write-enable
!
!
interface FastEthernet0/0
ip address 192.168.47.1 255.255.255.0
ip access-group 101 in
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
ip nat outside
pvc 8/32
!
!
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
no ip redirects
ip route-cache flow
peer default ip address pool vpdnpptp
no keepalive
ppp authentication chap eap ms-chap ms-chap-v2 pap
!
ip local pool vpdnpptp 192.168.47.31 192.168.47.35
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface ATM0/0/0.1 overload
ip nat inside source static tcp 192.168.47.39 1026 interface FastEthernet0/0 1026
!
!
access-list 1 permit 192.168.47.0 0.0.0.255
access-list 101 deny tcp any any eq 1212
access-list 101 deny tcp any any eq 1213
access-list 101 deny tcp any any eq 6346
access-list 101 deny tcp any any eq 6347
access-list 101 deny tcp any any eq 1233
access-list 101 deny tcp any any eq 1234
access-list 101 deny tcp any any eq 1235
access-list 101 deny tcp any any eq 1214
access-list 101 deny udp any any eq 1214
access-list 101 permit ip any any
access-list 101 deny tcp any any gt 9000
!
!
!
control-plane
!
!
line con 0
password xxxxxx
login
line aux 0
line vty 0 4
password xxxxxx
login
!
scheduler allocate 20000 1000
sntp server 192.168.47.5
!
end
