
I'm trying to set up remote access to a security DVR inside of a client's network. The network admin has set up port forwarding on their Cisco 1841 - each device (there are two DVRs) requires a single port for access.

External IP:2000 --> DVR1:2000
External IP:2010 --> DVR2:2000

This works - I can use the client application to connect to the two external ports, and I get back security footage from the DVRs.

However, after about 45 seconds the connection terminates. I can immediately reconnect, but always lose the connection after about 45 seconds. I've tried this from two different remote locations and get the same problem.

The manufacturer's (DigiMerge) tech support has confirmed that the devices are set up properly (current firmware, etc). We can connect using the client software from within the network without any problems. We only have problems when connecting remotely.

Prior to this, the firewall was locked down except for SSH access.

I suspect (as does tech support) that the problem is in the router configuration. However, I am not the network admin, and I don't want to just push the problem off on him without having something to back it up.

My questions are:

  1. any suggestions on how to better diagnose this problem?
  2. what kind of settings or configuration on the router might cause this behavior?
Jason

1 Answer


Port 2000 is the Skinny Call Control Protocol. Your DVR should not use this port, as it's reserved for another use.
Many firewalls, like the Cisco ASA or PIX, will do inspection when packets cross the firewall using port 2000. This is probably why you lose the connection after 45s. The firewall detects that you are not using the Skinny Call Control Protocol and drops the connection.

So take a look at any firewall between the routers and the DVR and disable Skinny inspection (or better, use a port other than port 2000).

radius
  • Thanks for the info. Is there a list of other Cisco port numbers that I shouldn't use? I'd hate to randomly pick one and find out that it has the same problem. – Jason Aug 12 '10 at 13:54
  • Cisco or not Cisco is not the question; your DVR network protocol should use a protocol registered at IANA to avoid conflict. Anyway, if they did not, pick a port that is not yet registered. Look at the list of registered ports, and ports not registered but widely used, here: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers – radius Aug 12 '10 at 14:10
  • Thanks. 2000 is the default port used by the manufacturer, so I just assumed that it wouldn't be in conflict. I'll try moving to a different port and see if that fixes it. – Jason Aug 12 '10 at 14:37
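
For the first question (how to gather evidence before going to the network admin), here is an added example that is not part of the original posts. It assumes a capture taken on the remote client with `tcpdump -tt -n tcp` while the DVR client application is running, and summarizes how long each connection lived and which side ended it. The `summarize` function, the sample capture and its addresses are constructed for illustration.

```python
import re

# One line of `tcpdump -tt -n tcp` output: epoch time, src.port > dst.port, TCP flags.
LINE = re.compile(r"^(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def summarize(capture_text):
    """For each TCP connection whose SYN was captured, report lifetime and who ended it."""
    flows = {}
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, flags = m.groups()
        a, b = (src, int(sport)), (dst, int(dport))
        key = frozenset((a, b))            # same key for both directions
        if key not in flows:
            if flags != "S":               # bare SYN = client opening the connection
                continue
            flows[key] = {"client": a, "server": b, "start": float(ts),
                          "duration": None, "ended_by": None, "how": None}
        flow = flows[key]
        if flow["how"] is None and ("R" in flags or "F" in flags):
            flow["duration"] = round(float(ts) - flow["start"], 1)
            flow["ended_by"] = "client" if a == flow["client"] else "server side"
            flow["how"] = "RST" if "R" in flags else "FIN"
    return list(flows.values())

# Constructed sample capture (documentation addresses, not from the original post).
SAMPLE = """\
1281621240.000000 IP 198.51.100.7.51000 > 203.0.113.10.2000: Flags [S], seq 100, win 65535, length 0
1281621240.080000 IP 203.0.113.10.2000 > 198.51.100.7.51000: Flags [S.], seq 900, ack 101, win 5840, length 0
1281621240.081000 IP 198.51.100.7.51000 > 203.0.113.10.2000: Flags [.], ack 1, win 65535, length 0
1281621241.500000 IP 203.0.113.10.2000 > 198.51.100.7.51000: Flags [P.], seq 1:1449, ack 1, win 5840, length 1448
1281621285.200000 IP 203.0.113.10.2000 > 198.51.100.7.51000: Flags [R], seq 1449, win 0, length 0
1281621300.000000 IP 198.51.100.7.51002 > 203.0.113.10.2010: Flags [S], seq 500, win 65535, length 0
1281621300.075000 IP 203.0.113.10.2010 > 198.51.100.7.51002: Flags [S.], seq 700, ack 501, win 5840, length 0
1281621312.000000 IP 198.51.100.7.51002 > 203.0.113.10.2010: Flags [F.], seq 1, ack 1, win 65535, length 0
1281621312.070000 IP 203.0.113.10.2010 > 198.51.100.7.51002: Flags [F.], seq 1, ack 2, win 5840, length 0
"""

if __name__ == "__main__":
    for f in summarize(SAMPLE):
        print(f["server"], f["duration"], "s,", f["how"], "from", f["ended_by"])
```

Seen from the remote client, a reset sent by the router and one sent by the DVR both carry the external IP as source, so "server side" covers both. A second capture taken on the DVR's LAN segment at the same time shows whether the DVR itself ever sent that reset.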