Accesing Camara IP from Cisco 2801

Apgonza · May 29, 2014

Hello. I have an IP camera in the direction 192.168.1.251:8251 and a Cisco 2801 router.
I have a nat to access the camera from outside (3G) and working properly.
From the LAN I can also access through your internal address and port.
The camera reports the public IP address to a DDNS server and an application on my phone connects to the camera through the DDNS server that informs the public IP.
Everything works fine except when I try to access the camera from the phone and this is connected to my home wifi (my internal network). If I'm connected to 3G works fine.
It's as if he knew not reach himself departing from himself ....
Any idea?

Urumiko · May 29, 2014

I think you are having the same problem you would have if you tried to access a webpage you are hosting internally, using the external URL. It wont work because ultimately the source and destination network are the same, and a router wont echo traffic back to the same network it came from.

You need to either:

■Simplest solution: use the IP address of the camera when connecting internally.. if you normally access https://www.myhouseurl.com/camera/login
just use https://192.168.1.251:8251/camera/login instead.. it will work fine.
■ If you have a local DNS server (this might be your router/gateway), add an entry translating the external URL directly to the internal IP so it bypasses directly to the camera.
■ You can do this directly on the end device, In windows you have something called a "hosts file" (google it), its like a local DNS override which you can alter on that machine, but this probably wont be suitable for your phone as you'd need to edit it each time you use 3g.

bill001g · May 29, 2014

Your problem in general is called hairpin NAT. There are only a very small number of routers that can fix this and a cisco ios configuration is messy.

You have 2 problems. First is you need to have the destination address converted to the 192.168.1.251 address by the router. That you can accomplish in a IOS based router with some policy routing and a loopback interface as a outside interface. The configuration is called NAT on a stick.

So now you get the destination address translated correctly and the packet makes it back to the server. Problem is the server will send the traffic directly back to your phone/pc since the address of that devices is on the same subnet. So when the return traffic goes to the device the router can not intercept it and translate the ip back....to make it appear as if it is coming back from the external address. To fix this you must translate the source address also to some other dummy address that is not on the lan...other private addresses are best

So you are going to have to look the details up but what you want to do is.

NAT the SOURCE address of traffic going to external server from the internal lan subnet you likely should use a pool address if you have more than one device that needs to do this.

Policy route traffic destined for the external server from a internal lan to a dummy loopback interface that is defined as a NAT OUTSIDE interface.

Apgonza · May 30, 2014

Thank you both.
I think the solution I like best is that proposed Urumiko.
• If you have a local DNS server (This Might be your router / gateway), add an entry translating the external URL Directly to the internal IP so it bypasses Directly to the camera.
But my skills fail me to insert that line.
Could you tell me exactly the input that should be inserted and that interface?.
I copy my router settings.
Thank you.

User Access Verification

Current configuration : 1942 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.230 192.168.1.252
ip dhcp excluded-address 192.168.1.1 192.168.1.2
ip dhcp excluded-address 192.168.1.4 192.168.1.200
!
ip dhcp pool Alberto
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
!
ip cef
multilink bundle-name authenticated
!
!
!
!
!
!
username xxxxxxxxxxxxxxxxxxxxxxxxx
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/3/0
no ip address
no atm ilmi-keepalive
pvc 8/32
pppoe-client dial-pool-number 1
!
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 over
ip nat inside source static tcp 192.168.1.252 8252 interface Dialer0 8252
ip nat inside source static tcp 192.168.1.251 8251 interface Dialer0 8251
!
access-list 100 permit ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet
transport output none
!
scheduler allocate 20000 1000
end

Router#

bill001g · May 30, 2014

The host entry in the PC will be much easier but if you really want this a cisco document on how to make a router act as a DNS. If there are a lot of DNS requests this could put quite a load on the router.
https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/6248-102-1-20340/DNS%20Configuration%20of%20Cisco%20Router%20as%20DNS%20Server.pdf

Urumiko · Jun 2, 2014

bill001g - Thanks that's very informative. I've never thought about how you'd remedy it on cisco kit, or known the correct terms

Apgonza - I think bill001g is suggesting the same thing as me he just knows what he's talking about more and is using the correct terms which makes it sound more scary

.

I've never set a router up as a DNS server so cant comment.
Another way to go would be to set up a standalone DNS server, such as UBUNTU + Bind 9. That'll run on just about anything. And you could direct your computers to it using DHCP. It might not be worth the electricity bill for the sake of saving 1 URL in your favorites instead of 2 though

Search

Accesing Camara IP from Cisco 2801

Apgonza

Reputable

Urumiko

Distinguished

bill001g

Titan

Apgonza

Reputable

bill001g

Titan

Urumiko

Distinguished

TRENDING THREADS

Latest posts

Moderators online

Share this page