• Home

  • Documents

  • Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the...
6
Enabling WAN Public Access with DDNS and Port Page 1 Smart Tips Enabling WAN Public Access with DDNS and Port Forwarding This Smart Tip document provides step-by-step guidance for configuring dynamic DDNS (DDNS) and port forwarding on Cisco small business routers for providing secure access to an internal web server and an IP video camera from the public Internet. Overview Cisco Small Business routers provide an advanced Internet-sharing network solution to meet the needs of small businesses. Multiple computers in the small business office can share the Internet connection through connections with its integrated switch ports, attached switches or wireless access points. The router’s 10/100 Ethernet WAN interface connects directly to the broadband DSL or to a cable modem with VPN and Firewall capability. However, providing access from the public Internet to network servers, network services, or IP video surveillance cameras on the internal network is challenging due to the following reasons: The internal local area network (LAN) must be fully protected from unauthorized users on the public Internet by a firewall, which prevents inbound connections except for authorized access to specific network resources. Private IP addresses are assigned to the hosts in the internal network to reduce the usage of public IP addresses, of which there is a limited supply. For these hosts to communicate with the public Internet, network address translation (NAT) must translate each private IP address to a public IP address. Many small businesses today use broadband Internet connections. The broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s dynamic DDNS and port forwarding features provides a simple solution that allows controlled, secure access to the router’s WAN interface and the internal network from the public Internet. Key Features Dynamic DNS Dynamic DNS (DDNS) is a service that maps Internet domain names to IP addresses. Unlike DNS, which only works with static IP addresses, DDNS is designed to support dynamic IP addresses, such as those assigned by a DHCP service. DDNS is a good fit for small business networks that receive dynamic public addresses from an Internet service provider. Some DDNS providers, such as dyndns.com, provide dynamic DDNS services free of charge. To use it, sign up with a DDNS provider, add the Fully Qualified Domain Name (FQDN) for the router, and configure the Cisco router to automatically update the WAN IP address associated with its FQDN. Now you can access the network resource and WAN router using the FQDN without knowing its current public IP address. Port Forwarding Port forwarding opens a specific TCP or UDP port to a server behind the router firewall, allowing all incoming traffic on that port to be sent directly to the specific server. This feature permits connections between external hosts and services within a private LAN. Figure 1 DDNS and Port Forwarding Network Diagram 213155 WAN Router WAN IP: Dynamic (e.g. 128.107.139.104) DDNS Host: myrv120w.dyndns.org Internal Server: 192.168.1.100 IP Video Camera: 192.168.1.90 http://myrv120w.dyndns.org http://myrv120w.dyndns.org:1028 rtsp://myrv120w.dyndns.org/mobile.sdp LAN Internet

Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

  • Upload
    others

  • View
    8

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

Enabling WAN Pub Page 1

Smart T

Enabling WAand Port ForThis Smart Tip documeDDNS (DDNS) and portsecure access to an intInternet.

OverviewCisco Small Business roto meet the needs of smoffice can share the Inteswitch ports, attached sEthernet WAN interfacewith VPN and Firewall c

However, providing accservices, or IP video surto the following reasons

• The internal local ausers on the pubexcept for autho

• Private IP addrethe usage of pubhosts to communmust translate ea

• Many small busibroadband Interservice provider

Combining the routesimple solution that aand the internal netw

aps Internet domain names to IP addresses. c IP addresses, DDNS is designed to support ssigned by a DHCP service. DDNS is a good ive dynamic public addresses from an

.com, provide dynamic DDNS services free of rovider, add the Fully Qualified Domain Name Cisco router to automatically update the WAN ow you can access the network resource and owing its current public IP address.

UDP port to a server behind the router firewall, o be sent directly to the specific server. This ternal hosts and services within a private LAN.

ing Network Diagram

2131

55

WAN Router

IP: Dynamic (e.g. 128.107.139.104)DNS Host: myrv120w.dyndns.org

Internal Server:192.168.1.100

IP Video Camera:192.168.1.90LAN

lic Access with DDNS and Port

lic Internet by a firewall, which prevents inbound connections rized access to specific network resources.

sses are assigned to the hosts in the internal network to reduce lic IP addresses, of which there is a limited supply. For these icate with the public Internet, network address translation (NAT) ch private IP address to a public IP address.

nesses today use broadband Internet connections. The net connection receives a dynamic public IP address from the , which is not static and may change frequently.

r’s dynamic DDNS and port forwarding features provides a llows controlled, secure access to the router’s WAN interface ork from the public Internet.

Figure 1 DDNS and Port Forward

WAND

http://myrv120w.dyndns.org

http://myrv120w.dyndns.org:1028rtsp://myrv120w.dyndns.org/mobile.sdp

Internet

ips

N Public Access with DDNS warding

nt provides step-by-step guidance for configuring dynamic forwarding on Cisco small business routers for providing ernal web server and an IP video camera from the public

uters provide an advanced Internet-sharing network solution all businesses. Multiple computers in the small business rnet connection through connections with its integrated witches or wireless access points. The router’s 10/100

connects directly to the broadband DSL or to a cable modem apability.

ess from the public Internet to network servers, network veillance cameras on the internal network is challenging due :

rea network (LAN) must be fully protected from unauthorized

Key Features

Dynamic DNSDynamic DNS (DDNS) is a service that mUnlike DNS, which only works with statidynamic IP addresses, such as those afit for small business networks that receInternet service provider.

Some DDNS providers, such as dyndnscharge. To use it, sign up with a DDNS p(FQDN) for the router, and configure theIP address associated with its FQDN. NWAN router using the FQDN without kn

Port ForwardingPort forwarding opens a specific TCP orallowing all incoming traffic on that port tfeature permits connections between ex

Page 2: Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

S and Port Forwarding on Cisco Small S

En Page 2

F •

• •

DWorisac

DdThThw

PCroitsd

Lthgpa

NFC

TNFmIn

P

n IP video camera 192.168.1.90o camera RTSP port

d mobile devices can access internal lications from the public Internet.

nd Port Forwarding on s Routerst

he WAN port on the RV router and the em. Turn on the RV router and then connect eras to the LAN switch or the switch ports on Business Smart Tips document regarding ANs and trunks to complete the LAN

rotected by the RV router firewall are able to the router. Ensure that the internal web

00 and change the WVC210 IP video camera 0. Refer to the IP Video Surveillance Smart the IP address of WVC210 IP video camera.

s r is set to get its IP address dynamically from nabled by default. There is no further WAN access.

IPv4 WAN Configuration and verify that the ers are set to Get Dynamically from ISP.

ally by the ISP, set the IP address source to r the specific IP address, subnet mask and ded by the ISP.

abling WAN Public Access with DDNS and Port

ddress configured should not be part of the same DHCP address pool.

etwork Diagramigure 1 illustrates a sample implementation of DDNS and port forwarding using a isco small business router.

he WAN router receives its IP address dynamically and has both the firewall and AT enabled by default. In this example, the WAN router can be accessed by its QDN (myrv120w.dyndns.org). To make this work, the DDNS host entry yrv120w.dyndns.org is mapped to the dynamic IP address of the router’s WAN terface.

ort forwarding is configured as follows:

• Forward port 80 to port 80 on the web server on the internal LAN (192.168.1.100)

Step 1 Go to Networking > WAN > Internet address source and DNS serv

Note If the address is assigned staticUse Static IP Address and entedefault router information provi

Configuring DDNmart Tips for Small Businesses

eatured ProductsCisco RV120W Wireless-N VPN Firewall Router (GUI configuration screens of this router are shown in this document as an example)Cisco RV220W Wireless-N Network Security FirewallCisco RV042, RV042G, RV082, RV016, RVL200, WRVS4400N, and WRV210 small business routersCisco RV180/180W Wireless-N Multifunction VPN Firewall

esign TipsAN IP Address—The ISP may provide either a dynamically assigned IP address a statically assigned IP address to the WAN router. For a static IP address, DDNS not necessary, and using the IP address with port forwarding is sufficient to cess the server from the Internet.

DNS—An account needs to be created on the DDNS provider such as yndns.com or tzo.com. Within the account, various DDNS host entries are created.

e administrator should create a DDNS host name for the router WAN IP address. e router is configured to update the DDNS entry instantly through HTTP

henever the IP address is changed.

ort Forwarding—It is important to know the service ports that the server uses. ommon service ports such as web service or e-mail service are predefined on the uter for easy configuration. Any customized service can also be created based on TCP or UDP ports number. Port forwarding simplifies the configuration when you

o not deploy the same service on multiple servers.

AN IP Address—It is highly recommended that the internal server or IP camera at uses port forwarding is configured with a local static IP address instead of

etting a DHCP address from the router. Using a DHCP address will invalidate the ort forwarding rule if the IP address on the internal device changes. The static IP

• Forward port 1028 to port 80 on a • Forward RTSP protocol to the vide

With this configuration, remote PCs anservices using web browsers and app

Configuring DDNS aCisco Small BusinesPreconfiguration ChecklisConnect the Ethernet cable between tEthernet port on the DSL or cable modinternal PCs, servers, and IP video camthe RV router. Refer to the Cisco Smallconnecting a router and switch with VLsettings.

Make sure the local PCs and servers pcommunicate with each other and withserver has the IP address of 192.168.1.1to use the static IP address 192.168.1.9Setup Guide for guidance configuring

Configuring WAN AccesThe default WAN setting of the RV routethe ISP. The firewall and NAT are also econfiguration needed to enable basic

Page 3: Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

S and Port Forwarding on Cisco Small S

En Page 3

Fi

SseD

CInroit

S

1

Ao

2

on the dyndns.com Website

w.dyndns.org is created for the RV router.

.1.1, for now, and click Add to Cart to

etworking > Dynamic DNS to select e.

ost and Domain Name and enter the dyndns.com account.

configure the router to update the host keep the subscription active after the 30-day

update the DDNS entry online, immediately,

the messages: Operation succeeded and ith IP address 128.107.139.104).

abling WAN Public Access with DDNS and Port

s current WAN IP address whenever it changes.

tep 1 Configure the DDNS account.

. If you don’t have a DDNS account, go to http://www.dyndns.com to apply for a DDNS account.

valid e-mail address is required to activate the account. The basic service is free f charge.

. Once the account is approved and activated, log in and go to My Services > My Hosts. Click Add Host Service to create a new DDNS host name for the RV router.

2. Enter myrv120w.dyndns.org for Husername and password for your

3. Check Update every 30 days to information on DynDNS.com and trial.

4. Click Save to cause the router to with its current WAN IP address.

The DDNS setting page now displays WAN (DDNS Status: DDNS updated w

Configuring DDNmart Tips for Small Businesses

gure 2 Verifying WAN Configuration

tep 2 Go to Status > System Summary and in the WAN information (IPv4) ction, verify that the router receives its IP address, subnet mask, gateway, and

NS information from the ISP and that NAT is enabled.

onfigure DDNS Settings this section, we will create the DDNS entry myrv120w.dyndns.org for the WAN uter and configure the WAN router to update this DDNS entry automatically with

Figure 3 Adding a New Hostname

In this example, the host name myrv120

3. Enter any IP address, such as 1.1complete the configuration.

Step 2 Configure the Cisco router.

1. Log into the RV router and Go to NDynDNS.com for the DDNS servic

http://www.dyndns.com
Page 4: Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

S and Port Forwarding on Cisco Small S

En Page 4

Fi

N

CIn1frhhu

S

1

2

3

n

rule for internal Web server access.

port 80) will be redirected to the HTTP port for

and click Add.

he Action to Always Allow, and select Any selection list.

ddress (192.168.1.100) for Destination IP.

r Forward to Port and click Save.

summary.

abling WAN Public Access with DDNS and Port

92.168.1.100 and an internal IP video camera with the IP address 192.168.1.90. Users om the public Internet will then be able to access the web server using ttp://myrv120w.dyndns.org and to access the IP video camera web page using ttp://myrv120w.dyndns.org:1028 or the IP video camera’s RTSP stream directly sing rtsp://myrv120w.dyndns.org/mobile.sdp.

tep 1 Create a new service to be used for port forwarding.

. Go to Firewall > Access Control > Custom Service.

. Click Add to create a service for TCP port 1028.

. Enter TCP_1028 for the name and specify TCP as the Type and set both Start Port and Finish Port to 1028.

Configuring DDNmart Tips for Small Businesses

gure 4 DDNS Setting Page

ote For the DDNS settings to take effect immediately, the router must have an active Internet connection. You can also log into dyndns.com to verify that the host entry has a newly updated IP address.

onfiguring Port Forwarding this section, you will configure port forwarding for the internal web server

Figure 5 Custom Services Scree

Step 2 Add the first port forwarding

After creating this rule, HTTP traffic (TCPthe internal web server (192.168.1.100).

1. Go to Firewall > Port Forwarding2. Select HTTP in Service, change t

from the Source Users pull-down

3. Enter the internal web server IP a

4. Select Same as incoming port fo

A rule should now be displayed in the

Page 5: Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

S and Port Forwarding on Cisco Small S

En Page 5

Fi

N

Svi

Ap

1

2

3

Sfo(1

A

onnnected to the public Internet, direct the web .

ontents of the internal web site.

nnected to the public Internet, direct the web :1028.

eb page and video stream for the WVC210

arding

abling WAN Public Access with DDNS and Port

ort for the internal server 192.168.1.90.

. For this rule, select TCP_1028 in the Service section.

. Change the Action to Always Allow and select Any from the Source Users pull-down selection list.

. Enter the IP camera IP address (192.168.1.90), select Specify Port from the Forward to Port pull-down selection list, enter port 80 for the Port Number, and click Save.

tep 4 Repeat the procedure described in Step 2 to create the third rule for rwarding RTSP: TCP service to the same port on the IP video camera 92.168.1.90).

fter completing this step, all three rules should be displayed, as shown in Figure 7.

Configuring DDNmart Tips for Small Businesses

gure 6 Port Forwarding Screen

ote When defining the rules, the source refers to public Internet users and the destination refers to the small business internal LAN.

tep 3 Repeat the procedure described in Step 2 to create the second rule for ewing the web page of IP video camera,.

fter creating this rule, TCP traffic to TCP port 1028 will be redirected to the HTTP

Figure 7 Port Forwarding Entries

Validating the ConfiguratiStep 1 From a client PC or laptop cobrowser to http://myrv120w.dyndns.org

The web browser should display the c

Step 2 From a client PC or laptop cobrowser to http://myrv120w.dyndns.org

The web browser should display the wIP video camera.

Figure 8 Verifying TCP Port Forw

http://myrv120w.dyndns.org
http://myrv120w.dyndns.org:1028
Page 6: Smart Tips - Cisco...broadband Internet connection receives a dynamic public IP address from the service provider, which is not static and may change frequently. Combining the router’s

En Page 6

Other Related FeaturesSm

Stemethe

No

Fig

r Related Featuresitarized Zoneo RV router also supports a demilitarized zone (DMZ) option. A DMZ is a ork that is accessible from the public Internet but which resides behind the he DMZ function redirects packets going to a specific WAN port IP address

icular IP address in the LAN.

ules can be configured to permit access to specific services and ports on from either the LAN or from the public internet. In the event of an attack on e DMZ nodes, the LAN is not necessarily affected. The DMZ can also be h DDNS in a scenario where a single server offering multiple services on the siness network needs to be accessible from the public Internet.

o-One NATo RV router also supports one-to-one NAT, which is a way to make systems firewall with private IP address appear to have public IP addresses. One-to-one be used when the ISP provides a pool of static public IP addresses. It maps the

dress of each server behind the firewall to a unique public IP address. It s a simple solution when small business has T1 or business class broadband on. Usually those services will have much higher cost. However one-to-one NAT ary when multiple servers use the same port, such as multiple web servers

rt 80.

Cis sting of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trad ip relationship between Cisco and any other company. (1005R)

© 2

abling WAN Public Access with DDNS and Port

co and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A liemarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnersh

012 Cisco Systems, Inc. All rights reserved.

art Tips for Small Businesses

p 3 From a smart phone or laptop connected to the public Internet, launch a dia player such as VLC player on the PC to view the RTSP stream directly from WVC IP Video Camera using the link RTSP://myrv120w.dyndns.org/mobile.sdp.

te To verify RTSP forwarding, Mobile Streaming should be already be enabled on the WVC210 IP video camera.

ure 9 Verifying RSTP Forwarding

OtheDemilThe Ciscsubnetwfirewall. Tto a part

Firewall rthe DMZany of thused witsmall bu

One-tThe Ciscbehind aNAT can private adbecomeconnectiis necessusing po

http://www.cisco.com/go/trademarks

Israel Rejects & Receives Messiah

Israel Rejects & Receives Messiah

Spiritual
UNE Receives Awards - UAGM

UNE Receives Awards - UAGM

Documents
Equal gain combining and orthogonality restoring combining

Equal gain combining and orthogonality restoring combining

Technology
Introduction to OSPF - PacNOG · Router LSA (Type 1) •Describes the state and cost of the router’s links to the area •All of the router’s links in an area must be described

Introduction to OSPF - PacNOG · Router LSA (Type 1) •Describes the state and cost of the router’s links to the area •All of the router’s links in an area must be described

Documents
Remainder and Factor Theorem Polynomials Polynomials Polynomials Combining polynomials Combining polynomials Combining polynomials Combining polynomials

Remainder and Factor Theorem Polynomials Polynomials Polynomials Combining polynomials Combining polynomials Combining polynomials Combining polynomials

Documents
Combining & No Combining

Combining & No Combining

Documents
Anti-Combining for MapReduceacs.ict.ac.cn/storage/slides/Anti-Combining_for_Map... · 2016. 9. 7. · reduce task 1 receives all the records with the keys assigned to it by the Partitioner,

Anti-Combining for MapReduceacs.ict.ac.cn/storage/slides/Anti-Combining_for_Map... · 2016. 9. 7. · reduce task 1 receives all the records with the keys assigned to it by the Partitioner,

Documents
Combining Active

Combining Active

Documents
Combining Sentences

Combining Sentences

Documents
JV Alarme système alarme et caméra surveillance - MG/SP: … MANUEL INSTAL.pdf · 2019. 2. 8. · 2) Access your router’s configuration page. Refer to your router’s manual for

JV Alarme système alarme et caméra surveillance - MG/SP: … MANUEL INSTAL.pdf · 2019. 2. 8. · 2) Access your router’s configuration page. Refer to your router’s manual for

Documents
RECEIVES - aris.empr.gov.bc.ca

RECEIVES - aris.empr.gov.bc.ca

Documents
Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security

Basic MikroTik Router’s Security · Titas Sarker Founder (Tsoft IT) System administrator (Enosis Solutions) Certificates:(MTCNA,MTCRE,RHCE) Basic MikroTik Router’s Tsoft IT Security

Documents
WCCUSD Receives 1,704 Dictionaries!

WCCUSD Receives 1,704 Dictionaries!

Documents
Combining Substances

Combining Substances

Documents
Combining Drum Fills - s3.amazonaws.coms3.amazonaws.com/drumlessonscom/153-combining-drum-fills.pdf · Combining Drum Fills By: Jared Falk Exercise Fill #1 Start with simply combining

Combining Drum Fills - s3.amazonaws.coms3.amazonaws.com/drumlessonscom/153-combining-drum-fills.pdf · Combining Drum Fills By: Jared Falk Exercise Fill #1 Start with simply combining

Documents
Food Combining

Food Combining

Documents
Combining Stresses

Combining Stresses

Documents
Lab 11: Router’s Buffer Size

Lab 11: Router’s Buffer Size

Documents
Sentence Combining

Sentence Combining

Documents
Nighthawk X10 AD7200 Smart WiFi Router Model - · PDF file4 Join the WiFi Network Using the Router’s WiFi Settings Use the router’s WiFi network name and password to connect your

Nighthawk X10 AD7200 Smart WiFi Router Model - · PDF file4 Join the WiFi Network Using the Router’s WiFi Settings Use the router’s WiFi network name and password to connect your

Documents
President Simmons Receives Award

President Simmons Receives Award

Documents
Coarse Estimation of Bottleneck Router’s Buffer Size for

Coarse Estimation of Bottleneck Router’s Buffer Size for

Documents
combining documentation.docx

combining documentation.docx

Documents
CSA RECEIVES KELLOGG GRANT

CSA RECEIVES KELLOGG GRANT

Documents
Combining Media

Combining Media

Documents
Combining materials

Combining materials

Documents
Combining Sentence!!

Combining Sentence!!

Documents
Atoms combining

Atoms combining

Education
User Guide - TP-Link...2019/08/05  · With Smart Connect enabled, your host router’s 2.4GHz and 5GHz share the same SSID (network name) and password. Refer to your host router’s

User Guide - TP-Link...2019/08/05  · With Smart Connect enabled, your host router’s 2.4GHz and 5GHz share the same SSID (network name) and password. Refer to your host router’s

Documents
RECEIVES & EVALUATES RATE RESPONSE

RECEIVES & EVALUATES RATE RESPONSE

Documents