Pelco Endura GW5000 Gateway GW5000 Benutzerhandbuch
22
C2694M (7/08)
RESOLVING ROUTER SOURCE ADDRESS AND PORT TRANSLATION
Both the LAN and WAN firewalls can perform network address and port translations on data transmissions as they leave the firewall. The
network address translation (NAT) address and port are the required destination for data transmissions that enter a firewall from a public
Internet location. Video streams sent from the gateway to the Web client must be sent with a NAT address and the port number of the private
port that the Web client has designated to receive the video stream.
network address translation (NAT) address and port are the required destination for data transmissions that enter a firewall from a public
Internet location. Video streams sent from the gateway to the Web client must be sent with a NAT address and the port number of the private
port that the Web client has designated to receive the video stream.
The message used for the automatic port opening of the firewall is also used to inform the gateway of the NAT address and port destination for
the video stream. The message used to open the firewall port is sent from the designated port of the incoming video stream to port 80 on the
gateway. When this message passes through the LAN firewall, the source address and port within the TCP and IP layers of the transmission are
translated to the NAT address and port. A software daemon receives this message on port 80 and exposes the TCP and IP layer to discover the
NAT address and port. The daemon then forwards this information to the gateway video stream redirector. The redirector uses this address and
port as the destination target of the video stream that sends the designated port of that Web client.
the video stream. The message used to open the firewall port is sent from the designated port of the incoming video stream to port 80 on the
gateway. When this message passes through the LAN firewall, the source address and port within the TCP and IP layers of the transmission are
translated to the NAT address and port. A software daemon receives this message on port 80 and exposes the TCP and IP layer to discover the
NAT address and port. The daemon then forwards this information to the gateway video stream redirector. The redirector uses this address and
port as the destination target of the video stream that sends the designated port of that Web client.
For this feature to work properly, port 80 of the LAN firewall must be set to forward User Datagram Protocol (UDP) port to the gateway address.
Figure 18. Application Scenario: Network Diagram
NOTE: The network implementation in Figure 18 is shown as a general representation only and is not intended to show a detailed network
topology. Your actual network will differ, requiring changes or perhaps additional network equipment to accommodate the system as illustrated.
Please contact your Pelco Representative to discuss your specific requirements.
topology. Your actual network will differ, requiring changes or perhaps additional network equipment to accommodate the system as illustrated.
Please contact your Pelco Representative to discuss your specific requirements.
ACCESSING THE ENDURA NETWORK OVER A VIRTUAL PRIVATE NETWORK
A VPN allows users to access the Endura network and the gateway by bypassing any firewalls. If your site supports VPN, you can eliminate the
need to open ports on a firewall. A VPN connection provides secure access to the gateway on the Endura network directly from a remote site.
Such a connection method is recommended for users who intend to access the gateway from sites whose security cannot be controlled or
guaranteed.
need to open ports on a firewall. A VPN connection provides secure access to the gateway on the Endura network directly from a remote site.
Such a connection method is recommended for users who intend to access the gateway from sites whose security cannot be controlled or
guaranteed.
ENDURA
NETWORK
PC
LAN
FIREWALL
WLAN
FIREWALL
GW5000
INTERNET