22 C2694M (7/08)
RESOLVING ROUTER SOURCE ADDRESS AND PORT TRANSLATION
Both the LAN and WAN firewalls can perform network address and port translations on data transmissions as they leave the firewall. The
network address translation (NAT) address and port are the required destination for data transmissions that enter a firewall from a public
Internet location. Video streams sent from the gateway to the Web client must be sent with a NAT address and the port number of the private
port that the Web client has designated to receive the video stream.
The message used for the automatic port opening of the firewall is also used to inform the gateway of the NAT address and port destination for
the video stream. The message used to open the firewall port is sent from the designated port of the incoming video stream to port 80 on the
gateway. When this message passes through the LAN firewall, the source address and port within the TCP and IP layers of the transmission are
translated to the NAT address and port. A software daemon receives this message on port 80 and exposes the TCP and IP layer to discover the
NAT address and port. The daemon then forwards this information to the gateway video stream redirector. The redirector uses this address and
port as the destination target of the video stream that is sent to the designated port of that Web client.
For this feature to work properly, port 80 of the LAN firewall must be set to forward the User Datagram Protocol (UDP) port to the gateway address.
Figure 18. Application Scenario: Network Diagram
NOTE: The network implementation in Figure 18 is shown as a general representation only and is not intended to show a detailed network
topology. Your actual network will differ, requiring changes or perhaps additional network equipment to accommodate the system as illustrated.
Please contact your Pelco Representative to discuss your specific requirements.
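The source-address discovery described in this section, as an added example that is not Pelco code: a daemon reads the source address and port of the port-opening message as it arrives (after any translation) and uses them as the stream destination. Assumptions: the message is a UDP datagram, and the HMAC tag, the key and all function names are hypothetical additions showing how a daemon can refuse to set the destination from an unauthenticated datagram.

```python
import hashlib
import hmac
import socket

SHARED_KEY = b"constructed-demo-key"  # assumption: per-session secret, not a Pelco value


def make_open_message(session_id: bytes) -> bytes:
    """Client side: port-opening message carrying a tag the daemon can verify."""
    tag = hmac.new(SHARED_KEY, session_id, hashlib.sha256).hexdigest().encode()
    return session_id + b"|" + tag


def learn_stream_target(daemon: socket.socket):
    """Daemon side: return the (address, port) the message arrived from.

    Behind a firewall this is the NAT address and port, because translation
    rewrote the source fields before the datagram reached the daemon.
    Returns None when the tag does not verify.
    """
    data, observed_source = daemon.recvfrom(2048)
    session_id, _, tag = data.partition(b"|")
    expected = hmac.new(SHARED_KEY, session_id, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return observed_source


def run_demo():
    """Loopback run: there is no NAT here, so the observed source is the client's own port."""
    daemon = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    daemon.bind(("127.0.0.1", 0))   # stands in for port 80 on the gateway
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind(("127.0.0.1", 0))   # the Web client's designated video port
    client.settimeout(2)
    daemon.settimeout(2)
    try:
        client.sendto(b"no-tag", daemon.getsockname())          # constructed bad message
        rejected = learn_stream_target(daemon)
        client.sendto(make_open_message(b"session-1"), daemon.getsockname())
        target = learn_stream_target(daemon)
        daemon.sendto(b"video-frame", target)  # daemon socket doubles as the redirector here
        frame, _ = client.recvfrom(2048)
        return rejected, target, client.getsockname(), frame
    finally:
        daemon.close()
        client.close()
```
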
ACCESSING THE ENDURA NETWORK OVER A VIRTUAL PRIVATE NETWORK
A VPN allows users to access the Endura network and the gateway by bypassing any firewalls. If your site supports VPN, you can eliminate the
need to open ports on a firewall. A VPN connection provides secure access to the gateway on the Endura network directly from a remote site.
Such a connection method is recommended for users who intend to access the gateway from sites whose security cannot be controlled or
guaranteed.
[Figure 18 diagram labels: Endura network, GW5000, WLAN firewall, Internet, LAN firewall, PC]