Port Forwarding for Security Automation Module

[Dalumberjack]

So I'm a newb and I'm stuck

I have the Asus AC87 with firmware 3.0.0.4.376_2769.

I have an home alarm module that is connected wirelessly to my router. On my network at home I have no problem connecting to it, butt connecting to it from the outside world is the problem.

The automation module states, "HTTPS is for remote access. Make sure port 443 is open in the router settings."

In the port forwarding tab under WAN, I enabled port forwarding, my range is 443, entered the local IP address for the module, left local port blank, lastly I selected "Other" for protocol (I think I read it somewhere to put that, not sure).

With these settings I can not get access to my module. I tried all the other protocol settings to no avail. The module has a prompt that should pop up requesting username & PW when accessed from the outside. I did some research, read about doing a ddns. Tried that which I'm not sure if I did it correctly, but still did not work.

Any help is greatly appreciated. I'm glad I found this forum as after I get this working, I'm excited to try out Merlin's firmware and hope it helps with some wireless stability issues.

 

[Dalumberjack]

So almost 100 views and no answer or ideas. Not sure if its because now one really knows how to help or is it so simple and stupid I should of figured it out by now?

If its the second one, could someone please let me know so I can continue digging on the internet.

 

[SO333]

I think you need to specify a local port.
Here is the Asus FAQ http://www.asus.com/us/support/FAQ/114093

 

[Dalumberjack]

I think you need to specify a local port.
Here is the Asus FAQ http://www.asus.com/us/support/FAQ/114093

Thank you for the link.

I read it before, maybe more of a glance, so I followed it to a T this time.

Still no joy unfortunately. I posted my issue in a security forum that talks about the product I bought. Seems other people have the same issue / question on how to get the module accessible from the outside.

Not sure since the module states it requires HTTPS makes a difference on how I am supposed to set up port forwarding or if a ddns is required for that type of access.

I'm learning as I research a little more everyday and posting questions.

 

[john9527]

I think by default port 443 is reserved by the AiCloud service (maybe even if you aren't using AiCloud, don't quite remember) . Try going to the AiCloud /Settings page and changing the port there, then re-enter your port forward.

 

[Dalumberjack]

I think by default port 443 is reserved by the AiCloud service (maybe even if you aren't using AiCloud, don't quite remember) . Try going to the AiCloud /Settings page and changing the port there, then re-enter your port forward.

Nice find, I did not see that when clicking around that tabs.

After switching the aicould port range, now something different happens. When I try to access the wan IP address or the ddns, the browser on my phone tries to download something now. It never does download anything, just keeps trying to download some file repeatedly from the address I typed in.

So yay for something new, just not quite there yet.

 

[Dalumberjack]

So just a quick update,

I don't think the security module I have will work with the AC87. Maybe its because it says it needs to be accessed by https, I'm not really sure (still learning here).

I have tried everything I could think of or find on the net between having the right port open to using a ddns. The small security forum that talks about this alarm also has the same issue and had no suggestions on how to get it to work as they have all been stuck trying to figure it out.

If I ever stumble across something and I get it to work, I'll post here how.

 

[RMerlin]

Could be a security measure of the device where they flat out reject any connection with a source IP that's public (i.e. not a 192.168.xxx.yyy source IP).

 

[Dalumberjack]

Could be a security measure of the device where they flat out reject any connection with a source IP that's public (i.e. not a 192.168.xxx.yyy source IP).

It seems like this is probably the case.

I was hoping a ddns would fix that, but still a no go. The module I am using is the Honeywell VAM (Vista Automation Module)

BTW, thanks for the awesome firmware, I updated to it and it seems to have helped with some stability issues.

 

[RMerlin]

It seems like this is probably the case.

I was hoping a ddns would fix that, but still a no go. The module I am using is the Honeywell VAM (Vista Automation Module)

A DDNS merely provides you with a "target" for your remote connection to connect with. It has no impact on the connection itself, or its source.

You might need to use a VPN to remotely access it. That way, the source IP will also be a private IP, that might be more to your device's linking.

 

[fr33z0n3r]

I'm not sure if you've setup everything correctly. I just want to make sure.

Here is an example that should work. At least on networks that are not blocking random ports .(which any terrible ISP could do)

HTTPS operates on port 443 TCP.

Service Name   Port Range  Local IP                 Local Port      Protocol
servicename     58990      <home alarm module IP>     443             TCP

Then access https://<yourpublicIP>:58990

The port used can be anything from 1024 to 65535, but it is recommended to use 49152 to 65535.

 

[NomadTech]

So I'm a newb and I'm stuck

I have the Asus AC87 with firmware 3.0.0.4.376_2769.

I have an home alarm module that is connected wirelessly to my router. On my network at home I have no problem connecting to it, butt connecting to it from the outside world is the problem.

The automation module states, "HTTPS is for remote access. Make sure port 443 is open in the router settings."

In the port forwarding tab under WAN, I enabled port forwarding, my range is 443, entered the local IP address for the module, left local port blank, lastly I selected "Other" for protocol (I think I read it somewhere to put that, not sure).

With these settings I can not get access to my module. I tried all the other protocol settings to no avail. The module has a prompt that should pop up requesting username & PW when accessed from the outside. I did some research, read about doing a ddns. Tried that which I'm not sure if I did it correctly, but still did not work.

Any help is greatly appreciated. I'm glad I found this forum as after I get this working, I'm excited to try out Merlin's firmware and hope it helps with some wireless stability issues.

I connect to my DSC via envisalink module from the outside world using VPN to my router and having port 4025 forwarded to it in the WAN section. See what port your alarm uses, have it forwarded to the proper IP address (make it static in the router) and use VPN to access your network and everything on it.
I see you tried port 443 which is standard for https, but this is not necessarily the port used by your VAM. My envisalink module also uses https but on port 4025.
Looks that your VAM is a Tuxedo without display. Tuxedo uses port 6280.
From http://library.ademconet.com/MWT/fs2/6/5533.PDF

Manual Configuration Steps
1. Set the HTTP Port in the Tuxedo Touch
– Primary Listening Port 80 (Fixed)
– Secondary Listening Port 6280 (Changeable)
– To Change Secondary Listing Port 6280: from the IP Setup Screen,
Press the Port Number “6280”, and Enter a New 5-digit Port Number.
2. Setup DDNS Account
– Create a DDNS Account with a Service that is Supported by the Premises
Router.
3. Configure Router
– Port Forward the Tuxedo’s HTTP Port to the Tuxedo’s Local IP Address
– Setup the Router’s DDNS Support

 

[Peter Flynn]

This thread seems to just stop here, with no confirmation if the Honeywell VAM can infact be reached from the internet, without going thru honeywell Total Connect network, for a fee. I was thinking of purchasing one myself, but I am only interested if I am able to access it from my local LAN, and more importantly, from outside, with out going thru a 3rd party service.
Thanks ....

 

[jerryr]

I just installed a VAM today. Set it up per instructions. Port forwarded 443 to the VAM IP address using web 80

Logged in via secure HTTPS://

What threw me off for a while was when I set up user and password on the VAM. After setting it up you must click the DISABLED button for it to turn green and ENABLED

Everything works remotely.

 

[kdhoo]

Glad to hear you were able to access the VAM remotely - great catch on the DISABLE button. Are you able to receive email alerts from the VAM? If so, what's the trick for getting that feature to work - any special settings on your router?

 

[jerryr]

Glad to hear you were able to access the VAM remotely - great catch on the DISABLE button. Are you able to receive email alerts from the VAM? If so, what's the trick for getting that feature to work - any special settings on your router?

No, I have not been able to get email alerts sent from my VAM. I tried using my gmail and yahoo SMTP settings and addresses to send and never got emails to go to my addresses.

It's not a big deal for me since I get SMS text/emails from my alarm through both my Envisalink-3 and my iPdatatel CBAT cellular communicator.

 

[tcxoman]

Did you go to "setup", "login", enter user accounts and passwords and then enable the accounts. If this is not done, you cannot access the VAM regardless of port forwarding. I am using an ASUS RT-AC68U and have no issues logging in remotely/