Networking Gurus: What firewall rules should be set for Cisco ASA?

NTL1991

So I finally got a couple Dahua cameras from Andy (IPC-HDW5231R-ZE's). I've got BlueIris running on my server and I'd like some ideas for my network setup from networking geeks like me. My home network is essentially a Cisco lab, and I'd like to tie the IP Cameras in securely and efficiently.

So far, I've got the BI server (4x 1GE NIC) set up with all four interfaces teamed and connected to VLAN5 (IP-Cameras Network) on the Cisco 3560 POE switch.

NATing to the internet is done on a Cisco ASA5520 firewall. The ASA is configured for Remote Access IPSec VPN. The 3560 POE Layer-3 switch is doing the routing between VLANs.

To access BlueIris remotely through the mobile app, I connect to the IPsec VPN first. It's a pain, but it's secure. I have the LAN and WAN addresses in the BI app set for 10.1.5.5:81 (the VLAN5 address of the BI server).

My Dahua cameras have statically assigned IP addresses of 10.1.5.10 and 10.1.5.11, in VLAN5. They are currently assigned default gateway addresses for software updates.

What rules should I be setting in my ASA to secure the cameras/server from the outside?

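As an added example (not part of the original post, and not taken from this network's configuration), here is one way to stop the two cameras from initiating traffic through the ASA while leaving other hosts unchanged. It assumes the ASA interface facing the 3560 is named `inside`; the names `CAMERAS` and `INSIDE_IN` and the test destination 203.0.113.10 are illustrative.

```cisco
! Added example. Assumptions: the ASA interface toward the 3560 has
! nameif "inside"; CAMERAS and INSIDE_IN are illustrative names.
! The camera addresses are the ones given in the post.
object-group network CAMERAS
 network-object host 10.1.5.10
 network-object host 10.1.5.11
!
! Drop and log anything the cameras initiate that reaches the ASA.
access-list INSIDE_IN extended deny ip object-group CAMERAS any log
! Binding an ACL to the interface replaces the implicit permit toward
! lower-security interfaces with an implicit deny, so other hosts
! (including the BI server at 10.1.5.5) are permitted explicitly.
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
!
! Checks, run from privileged EXEC:
!   packet-tracer input inside tcp 10.1.5.10 1025 203.0.113.10 443
!     expected: dropped by access-list INSIDE_IN
!     (203.0.113.10 is a documentation address used as a stand-in)
!   show access-list INSIDE_IN
!     hit counts on the deny line show cameras attempting outbound traffic
!   show running-config nat
!     confirm nothing publishes 10.1.5.x addresses to the outside
```

Sessions opened from a VPN client to 10.1.5.5:81 still work, because the ASA is stateful and this ACL only evaluates new connections arriving on `inside`. Traffic between VLANs is routed on the 3560 and never reaches the ASA, so restricting the cameras toward other internal VLANs has to be done on the switch.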