Cisco Firewall ::ASA5510 - Port Forwards For Polycom Camera
Aug 19, 2012
I am trying to set up a Cisco ASA 5510 running 8.2 to allow a connection to a Polycom camera that sits behind it. What I want to do is forward multiple ports to allow a connection from an outside office. The polycom camera uses the following ports:
1720 tcp
3230-3235 tcp
3230-3253 udp
I got these port numbers from the Polycom web site. So what I did was create a service object as follows:
object-group service All-Polycom-ports
service-object tcp range 3230 3235
service-object tcp eq h323
service-object udp range 3230 3253 My question is how can I use this service object in a static (inside,outside)
command so that I don't have to create multiple commands for the port forwarding. Is this even possible or do I have to sit down and write out around 30 seperate commands to do this. I've been searching the web and it seems a lot of people want to do this but so far I haven't found an answer.
View 3 Replies
ADVERTISEMENT
Jan 8, 2012
I have followed directions and forwarded the two ports to the local machine. I looked in the router setup to find my current public ip address from Comcast say its 98.221.99.99. If I am on the same network as the machine that is receiving the port forwards, and I type http:// 98.221.99.99 in a browser, the forwarding works fine.If I am external/not on the same network, typing http:// 98.221.99.99 in a browser times out. I have tried http:// 98.221.99.99:9000 too (9000 is the port I need forwarded) and that doesn work either.But, I do have remote management enabled for the router and if I am external/not on the same network and I enter http:// 98.221.99.99:8080 in a browser, I get the router login screen and can enter my user name and password and login to the router just fine.
View 11 Replies
View Related
Nov 20, 2012
I'm using PfSense 2.0.1. What im trying to do is connect to a game server I have running here in my house. I can connect to it locally with 192.168.8.6 no problem. I have it port forward correctly so that the rest of the world can connect to it via my WAN ip address. The problem comes is I want to be able to connect to it with my WAN address so that if someone decides to follow me STEAM will show my WAN address not my internal IP address of the server im connected to. I have "Disable NAT Reflection for port forwards" UNCHECKED which is what I am supposed to do according to documentation from PfSEnse. But it still doesn't seem to work.
View 5 Replies
View Related
Sep 26, 2012
Linksys BEFSR41 4.2 Main router 192.168.2.1, if I cascaded a second Linksys BEFSR41 4.2 LAN to LAN 192.168.2.2 would I be able to port forward on the second router? I need more than 10 port forwards.and if so would I have to set the second router up with the internet provider log in and password like the first router?
View 4 Replies
View Related
Apr 19, 2012
Background: currently have a WRT320N, thinking of upgrading to an EA4500 assuming ONE feature has been improved: Port Forwarding.
Scenario: Currently I have a WRT320N router, and while it "does everything we need" it has one limitation that is now getting in the way: limitation on number of forwardable ports. In the port forwarding panel, it has 15 total rows: the first five rows can be enabled for specificaly named services (SMTP, FTP, etc). The last 10 rows are fully customizable in that we can set the name, ports and protocol.
The problem is that of the 13 total ports I currently need to forward, only ONE of them is listed in that fixed list. So, sadly, I can only use one of those first five rows. I've now filled the remaining ten custom rows, and still have need for two additional ports (for now, may need more down the road).
Trying to get creative, I figured maybe I could just spill over to the Port Range Forwarding page and add a row or two there. The only problem: it's buggy. I've found that if the Single Port Forwarding list is filled, then the Port Forwarding Range entries don't work properly. For example, if I wanted ports 12345 and 12346 forwarded to 192.168.1.5, they work fine with two single port forwarding entries. However, if I delete those, add two other port lines I need forwarded (the single list being full again), and add a port forwarding range 12345..12346, they don't work properly, ports just are closed. Only the singles work, the ranges don't.
Question: Has the EA4500 resolved this issue and allow for either more lines (i.e. 20 customizable entries instead of 10), or, better, does it just have an [Add Entry] button to allow for additional rows to be created? In today's day and age, where one single device (such as an Xbox) can take four rows, a 10-row limit is pretty sparse. Comparing it to some competitors, for example the D-Link DIR-825 (aging, but still great) allows you to add as many as you want.
I realize "expensive" firewalls like SonicWall's have virtually unlimited customization, but I don't need many of the additional features and don't want to spend $350 on a "high-end" firewall to solve the problem of needing two more ports open.
View 4 Replies
View Related
Dec 28, 2012
I am encountering some problems setting up my new polycom hdx 8000 behind ASA 5540?I have opened reuired ports through the firewall ( incoming and outgoing). I have enabled inspection h323 on ASA and enabled the option NAT is 323 compatible on Polycom.
3230-3243 tcp
h323 tcp
h323 udp
3230-3285 udp
Here is the problem.I get connected to the call but I cannot the remote site cannot see and hear me.But I can see and hear them.
View 9 Replies
View Related
Mar 3, 2013
I was enabling all the ports for testing on an asa 5510 and once I got to port e0/3 I got this error:
ciscoasa(config-if)# int e0/0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# int e0/1
[Code]....
On the asa theres 4 ethernet ports 0 - 3 don't understand why port e0/3 is not listed. When a cable is connected the led's for that port goes green. Is the port just bad or is there a work around?
View 4 Replies
View Related
Jul 30, 2012
I have an ASA5510 and I would like to implement something like this: have two ports patched in and ready but only one active, the other one in standby (when the first one goes down the other port comes up and all the traffic goes down this way), all these on one physical box. So, it's basically like port failover on the same box.
View 1 Replies
View Related
Jul 20, 2011
I have this problem with the Polycom Video Conferencing (HDX 7000) While we can initiate a video call to other locations, we can not receive a video call from other locations. Whenever there is a incoming call, the polycom is ringing fine. but once we answer the call, the call will be disconnected. Our access rules are listed below, 203.125.99.99 is our public IP for example.
View 1 Replies
View Related
Jun 15, 2011
We are trying to get a video conference system (POLYCOM) up running. Thrue a Cisco 1812 router with Firewall feature set.
I Have heard in the past that there should be issues with Polycom and Cisco, but have actually never seen it.I can establish a video call from inside the 1812 to outside.
But when I try from outside to the public ip adress there is nattet to, then it reach the video system and die straight after, so there is never any video session set up.
I have tried to remove everything regarding firewall feature and passing true, so the only thing the 1812 should do is NAT. And still the same.
I can not see anything in the log on the router from the ACL's where I permittet everything, other then it connect on the port TCP 1720, as it should. This is the software I'm running on the router:
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE (fc1)
When I search Google, it look like there is a lot issues with Cisco and Polycom, but I have not found any concret solution. Other then I should use a ADSL line with a public IP address. As we probably is going to do.
View 6 Replies
View Related
Apr 11, 2013
Using packet tracer I get an error saying:
Config
nat(inside) 1.0.0.0.0.0.0.0.0
match ip inside andy inside any
dynamic translaion to pool 1 (matching global)
translate_hits=45236,untranslate_hits=0
I cannot access my polycom unit on 172.20.16.8 via 10.20.60.8 below is my results of show run Result of the command: "show run"
: Saved
:
ASA Version 8.2(2)
!
hostname ciscoasa-stt
domain-name stt.vidol.gov
enable password qXcSIHaSa9B75GQC encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
View 1 Replies
View Related
Jan 29, 2013
I configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900 If i configured with only one port 5900 or 3389, is't ok, i don't understand what 's the problem?
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
[code]....
View 7 Replies
View Related
Dec 17, 2012
I'm looking for an example config of how to run dual ISPs while doing port fowarding for one of the publicly facing IPs. This is on 8.4 so
View 1 Replies
View Related
Oct 5, 2011
I've cloned the configuration off one of my ASA5510's to another 5510 to use as a template for a new data center deploy. I have configured the new firewalls networks and rules, and of course changed the WAN IP config to its new setting.
I want to test the firewall in y office before I deploy it. How should I configure my Macbooks ethernet configuraiton to test the firewall?, as I have tried without success to connect to it.
Let's say that my WAN configuration is 134.5.169.98/255.255.255.224 with a static route of IP address 0.0.0.0, Netmask 0.0.0.0 and a gateway IP of 134.5.169.97.
I've tried setting the route to force all traffic through the interface (sudo route add 0.0.0.0/1 134.5.169.98), but that did not work either. A trace route to the external interface IP of the firewall (or the external IP of an expose server) get's a "no route to host" error.
I've tried many configurations and have not been able to access the internal servers/services/VPN at all.I've also tried with a cross over, and straight through cables.
What should I configure my macbooks network configuration as so I can connect directly to the WAN port to test external access to the internal servers/services and test the VPN client?
View 8 Replies
View Related
Aug 7, 2011
I am using an ASA5510 for internal firewalling in my QA environment. How do I allow RDP from one subnet to those protected by the firewall? Preferably using the ASDM.
View 25 Replies
View Related
Dec 26, 2010
Running FWSM Firewall Version 3.1(4)
The problem is that calls originating from the outside of the firewall to the inside will ring but you cannot answer. The internal video conference server is a Polycom HDX 7000. There are ANY/ANY rules to/from this server and the default application inspection policy is set for h323/ras/h225 as follows:
[code]...
View 2 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Dec 10, 2012
I have an IP camera (foscam). It's connected to my wireless router. My router is connected to my motorola cable modem. My isp is Cox.I want to be able to view this camera from outside (ie: when I'm at work) by going to http://(my real ip) : (port). Port that I use is 88. I can't seem to do this.
First I set the port 88 to the camera's config. I can see the camera when I'm at home (going to 192.168.1.106:88). Reading the manual, I need to forward the port 88. So I go to my linksys wireless router 192.168.1.1 and single-port forward 88 UDP TCP (both) to 192.168.1.106.This doesn't solve the problem.I go to Open Port Check Tool and put in port 88 and it says I could not see your service on (my real ip) on port (88)
View 9 Replies
View Related
Jan 9, 2013
My modem/router is Riger and model is DB108-WL. I had set Port Forwarding in my modem/router configuration page using web [URL] had disable the uPNP setting in both the modem/router and camera setting page. Besides, also disable the firewall on the modem/router and on my laptop (Windows firewall and McAfee antivirus)My camera static IP address details are listed as below:
IPv4 Address: 192.168.1.8
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
Primary DNS: 192.168.1.1
Port number: 8080
I am able to access my IP Camera using local LAN network by using web [URL] but unable to access from external network WAN using internet by using web http://*External IP Address*:8080 My ISP provide a dynamic external IP address so my external IP Address will change each time I connect to internet network. To trace this, I used IPchicken website IP Chicken - Whats my IP address? ip address lookup to identify my modem/router Public IP address. I used my smartphone to access this external IP Address in order to prevent NAT Loopback issue but still can not access.
1) Do I need to have my host computer turn on at home in order for me to access the IP Camera from external WAN network which is internet from anywhere outside? Or just turn on my modem/router and IP Camera will do?
2) I had read a lot of blogs and forums from the past 2 weeks about Port Forwarding. From one of the forum, it mentioned need to setup 2 ports for Port Forwarding in order to get IP Camera access from external network. One for web interface which use port 80 and another one for video streaming which is port 1024. So, is it true for every IP Camera to configure 2 ports forwarding in order to get access from external network?
3) If I can access the IP Camera from local LAN network, does it mean my laptop Windows firewall and McAfee antivirus setting is ok for access from external network?
4)Is it a reliable method to use smartphone as a test to try out whether my setting is ok to access the IP Camera from external network? My smartphone is Android 2.3 OS and able to access the IP Camera when connected to my modem/router using WIFI (local LAN access). When key in external IP address using 3G network, it can not access.
View 19 Replies
View Related
Oct 26, 2011
I've configured my rounter but am having a firewall issue, I think.I'm trying to connect remotely to an IP Camera.I've set the port forwarding on my router for port 8081 to forward to the IP of my camera.I've set the firewall aswell to allow traffic from the WAN to the IP of my camera.
View 1 Replies
View Related
Feb 15, 2012
I am trying to forward a port to see a camera over the internet. On the single port forwarding screen under Gaming, I have put in port 8090 (Ext and Int),Protocal both, an IP address and Enabled. I have also tried putting in a range, but neither seems to work. After forwarding the port, I check with What's My IP Addrewss to get the external IP, then put the IP in a blank browser page with and without the port number. I have tried this several times without any result.
View 9 Replies
View Related
May 25, 2012
I want to forwards some ports for my PS3 however. I am using [URL] to do it. I use IE, I go to port forward, I set everything up like it shows and put in my PS3 IP, and I choose save settings. When it comes back after rebooting, nothing is saved. Everything I put in has vanished.
View 5 Replies
View Related
Jan 17, 2013
I have a Huawei 523a Router at the moment and I'm trying to setup a IP camera.The Router doesnt allow port forwarding, so my question is can I add another Router onto the Huawei router to allow the second one to work my camera
View 10 Replies
View Related
Feb 7, 2013
I am wanting to access my IP camera over the Internet. I am not a computer wiz by any stretch and after a couple of failed attempts. My ISP is Comcast and they say that I have dynamic dns and should have no issues viewing my cameras. I know how to get to the port forwarding area of the router but am confused as to which ports to forward. The set up instructions for the camera (Airsight) suck. Screen shots of the set up don't match the actual router
View 7 Replies
View Related
Apr 19, 2013
I am building a new VPN Anyconnect solution. I want the traffic to enter a interface and that traffic should be forwarded to my "VPN-Machine".
The system is a ASA5520 with old software, I am not at work now so i cannot tell exactly.
So my question is, how do i make the traffic enter one interface and being forwarded to another? I have splitted the physical interface to several sub-interfaces.
View 5 Replies
View Related
May 11, 2012
I asked a question recently about accessing camera via a smartphone but I realize that's not really the correct question. The smartphone works fine locally with wifi and has a browser available.
The real question I have is what is the easiest way to access any camera via a browser from a remote location. Years ago tech friend assisted me access my DCS-910 using dyndns.org. It was free and worked great. I guess it went away when they started charging for a basic account.
Is there an easy way to access a camera without using dyndns even if it involves putting in an IP address instead of a convenient domain name? I would just like to see at least one of my cameras in a browser off-site. If I have to pay $20/year for dyndns I can but I would prefer not to if possible.
View 2 Replies
View Related
Mar 28, 2012
i've some trouble configuring a TDM switch PRI-to-PRI from Telco to an RMX 1500. After a lot of hours spent on configuration now i can receive and make call from the RMX, but only two channels. When I try to make a third call I get "Cause i = 0x82AC - Requested circuit/channel not available" This is the HW configuration: Cisco 2811 (IOS Version 12.4(25c)) with 2 VWIC2-2MFT-T1/E1, 16-PVDM2 and 64-PVDM2 on the first VWIC i've two Telco PRI (each with 15 bi-directional channel), on the second VWIC i've connected with E1 cross-cable the RMX 1500 with 6 timeslots configured, This router already doing VoIP translation from the Telco PRI to an Asterisk PBX (fax and DID).
View 3 Replies
View Related
Jan 17, 2012
Site A Cisco 2911 -- 2 T1 WIC. One going to Site B 1841 another going to Site C 1841.I am looking for a way to setup a Polycom QOS, judging by several forum posts about this, would it be better to create an access list with the Polycom IPs to limit the bandwidth to 512Kbps? Or if not, a link for Polycom QOS configs? What is happening is when noone else is using the connection except for the video conference, after about an hour with the T1 not being 100 % utilized, the 2911 GE0/0 interface will start developing input queue errors. What I usually have to do is reboot the router at night and that alleviates the problem since regular data traffic will not cause this problem.
Current configuration : 3529 bytes
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year
service password-encryption
[Code] .....
View 1 Replies
View Related
Apr 19, 2012
I have a camera set up in my kitchen and it works and I can view it in our house, on other computers or my iphone. But I can't view it from my work or anywhere outside our wireless range.It is a DCS-920. I have opened port 80, and checked it with a port checker and it says its open. I have bell as a provider with a 2 wire 2701hg-g modem.I read on here about someone else not having a gateway address or primary DNS. I don't know what to put in there. My camera address is 192.168.2.20.
View 4 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
May 29, 2013
I just installed a refurb'd 3560 48 port POE switch and configured all ports on VLAN100. All Polycom IP 430 phones (with power adapter and without power adapter) constantly reboot every couple minutes. Any Cisco 7960 phone does not constantly reboot and works correctly. When I plug a small unmanaged switch into a 3560 port and then plug the Polycom phone into the unmanaged switch powering the phone with a power adapter, the phone works correctly. So it seems that the 3560 is causing the Polycom to reboot.
View 3 Replies
View Related
May 15, 2012
I would like to know if there an specific configuration in order to apply QoS configuration in Switches 3750X for Polycoms Phones.I was reviewing the information from Cisco but mostly of them apply only for cisco phones, and just some or basic for non cisco phones.
View 1 Replies
View Related
Jun 29, 2011
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
View 7 Replies
View Related
