NAT Rules, ASA and remote security cams?

Question

jlego 15 Posting Pro

13 Years Ago

i have two locations, 1 corporate and 1 remote store. they are connected via site-to-site vpns using 2 cisco asa's

the remote store has a security system, which is accessible via a web browser. from my corporate location you can view the cams no problem.

if you VPN into the corporate location, and try to view the cams you can not..

one of the owners wishes to see the cam when he VPNs.

whenever you are at corporate, your ip addresses resides on the subnet 192.168.1.x whenever you are VPNd you are assigned an ip in the range of 10.0.1.0/24

one thing i saw in the NAT Rules is an inside rule, type exempt source inside-network/24 destination 192.168.1.0/24 interface outbound

if i add a new rule type exempt source inside-network/24 destination 10.0.1.0/24 interface outbound

will this give the VPN users access to the security CAMs ?

or am i way off point?

thanks

2 Contributors
7 Replies
248 Views
4 Days Discussion Span
Latest Post 13 Years Ago Latest Post by jlego

skipdn 0 Newbie Poster

13 Years Ago

Do you have a static IP address for the security camera server? And right now, could the owner use a web browser to view the cams?

skipdn 0 Newbie Poster

13 Years Ago

I have never done that. Not good at sisco routers, but it seems a rule would have to be applied to allow that connection. I have my cam server outside the lan here & can be accessed from any browser, anywhere, but not through our vpn. Did that because I didnt know how to configure the router. Maybe someone here knows what needs to be done. Good luck

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

jlego 15 Posting Pro · Answer 1 · 2011-01-29T01:08:52+00:00

yes, the camera server has an internal static, 192.168.3.11.
if the owner is on the network (in that particular store or corporate) he can view the security camera using a web browser.

if the owner is connected via vpn, he cannot view the security camera..

whenever you are VPNd, you can not even ping any ips from the remote stores subnet (any remote store).. the vpn assigns IPs in the range of 10.0.1.x.. at corporate you are assigned 192.168.1.x and can see anything at the remote location 192.168.3.x

the stores are connected via bi-directional site-to-site vpns using the ASAs.

hopefully that answers some questions

jlego 15 Posting Pro · Answer 2 · 2011-01-29T01:10:18+00:00

i can configure an ACL and NAT rule that allow the camera to be viewable using the static outside ip assigned by the ISP. however this isnt the setup i am looking for, i would like it to work whenever the user is connected via vpn.

jlego 15 Posting Pro · Answer 3 · 2011-01-31T20:35:43+00:00

i asked the same question on stackoverflow.com http://serverfault.com/questions/228531/giving-vpn-connections-access-to-all-locations

this might be able to help you as well, he said i need to setup static routes under the vpn users for the remote locations, once that is setup VPN will see the remote stores same as the site-to-site vpn

skipdn 0 Newbie Poster · Answer 4 · 2011-01-31T22:38:57+00:00

Thanks for that info, I printed it out for future ref. Sounds like a big headache though... I'd have have to study our router and configuration for quite a while before I'd attempt it. Have a great day

jlego 15 Posting Pro · Answer 5 · 2011-01-31T23:55:23+00:00

thats what im doing lol. i came to this company and everything was setup with shitty configurations. im now working on learning the ASA configuration and trying to reconfigure it properly. glad that helped though, you too.