PIX 501 nat issue

Status
Not open for further replies.

jacksun0426

IS-IT--Management
Apr 29, 2009
I have a Cisco Pix 501 running and I cannot get a NAT to work. Here's what I need to do:
One of our systems runs a webcam stream, which we want to make available on a website. The service we are using to stream this needs to be able to contact our server that has the cam attached to it so it can pull the stream.
They need to contact our server on port 5700, and I assume it is TCP. Their test uses to check where xxx.xxx.xxx.xxx is my external facing IP.

Here is what I have tried, but it doesn't work. The 192.168.0.100 IP is the server with the cam on it.


access-list camstream_inbound permit tcp any interface outside eq 5700
static (inside,outside) tcp interface 5700 192.168.0.100 5700 netmask 255.255.255.255 0 0
access-group camstream_inbound in interface outside

My external interface is called outside, and my internal is called inside.

Any help would be appreciated.

Regards,
Wayne
 
Does the webcam actually run on TCP/5700, or does the external service just use TCP/5700 to connect? Perhaps the webcam actually runs on, say, TCP/80; if this is the case, change your static to this:
Code:
static (inside,outside) tcp interface 5700 192.168.0.100 80 netmask 255.255.255.255

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Actually, the camera stream encoder that runs on our server listens on port 5700 for the incoming request from the external service. It isn't actually the webcam, but the encoder application that the external service is trying to connect to.
That request, from everything I have read, is on port 5700.

Wayne
 
Can you tell me:
1) if you see any deny messages in your logs
2) if you run Wireshark on the server, can you see the requests reaching the server

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Hi, I don't run Wireshark on any machines. I have turned on capture on the firewall, but I am not seeing anything at all. I just ran capture outside to start it, then show capture outside to see anything. Is there a more robust log I can turn on or look at?
 
Do you have logging enabled?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I have enabled syslog logging (the logging on command); not sure how I view it, though.

Wayne
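Added example, not part of the original thread: once the PIX's syslog output has been collected as text, the "deny messages" check asked about above can be done by filtering for port 5700. The function names, the sample lines and their addresses are constructed for illustration; the patterns assume the documented layouts of PIX syslog messages 106023 and 106001.

```python
import re

# Deny layouts for blocked inbound TCP (syslog IDs 106023 and 106001).
ACL_DENY = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"')
POLICY_DENY = re.compile(
    r'%PIX-\d-106001: Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) '
    r'to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[\w ]+?) on interface (?P<sif>[\w-]+)')

SAMPLE = [  # constructed log lines; addresses are documentation ranges
    'Apr 29 2009 10:01:02: %PIX-4-106023: Deny tcp src outside:203.0.113.10/40112 '
    'dst inside:198.51.100.2/5700 by access-group "camstream_inbound"',
    'Apr 29 2009 10:01:05: %PIX-2-106001: Inbound TCP connection denied from '
    '203.0.113.10/40113 to 198.51.100.2/5700 flags SYN on interface outside',
    'Apr 29 2009 10:01:09: %PIX-4-106023: Deny tcp src outside:203.0.113.77/51000 '
    'dst inside:198.51.100.2/23 by access-group "camstream_inbound"',
]

def denies_for_port(lines, port):
    """Return one dict per deny message whose destination port is `port`."""
    hits = []
    for line in lines:
        for msg_id, pattern in (("106023", ACL_DENY), ("106001", POLICY_DENY)):
            m = pattern.search(line)
            if m and int(m["dport"]) == port:
                hits.append({"id": msg_id, "src": m["src"], "dst": m["dst"],
                             "acl": m.groupdict().get("acl")})
    return hits

def diagnose(hits):
    """Point at the part of the configuration worth re-checking first."""
    ids = {h["id"] for h in hits}
    if "106023" in ids:
        return "acl-deny"     # an access-list bound with access-group dropped it
    if "106001" in ids:
        return "policy-deny"  # refused by policy: re-check static and access-group
    return "no-deny"          # nothing logged: traffic may never reach the PIX

if __name__ == "__main__":
    found = denies_for_port(SAMPLE, 5700)
    for hit in found:
        print(hit)
    print(diagnose(found))
```

A "no-deny" result together with an empty packet capture suggests the test connection is not arriving at the outside interface at all, which moves the investigation upstream of the firewall.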
 