What are the Remote Access Options for CathexisVision VMS?


Unfortunately most video surveillance systems are firewalled and blocked from direct access to

the public Internet.

There are 5 Remote Access Options for Video Surveillance

Port forwarding

Universal Plug and Play (UPnP)

Dynamic DNS

Virtual Private Networks (VPNs)

Cloud / 'Phone Home' (e.g., Axis AVHS, Dropcam)

Port forwarding (Option 1) assumes the use of a static public IP address, but you can always make use of Dynamic DNS (option 3) to get around this.

You can also make use of your own VPN connection (option 4) in order to to connect to your recoder.

We do not support the following:

Option 2: Universal Plug And Play

Universal Plug and Play (UPnP) is a set of protocols which automate device

discovery and configuration on a local network. One of the aims of UPnP is

eliminating manual port forwarding (above), allowing a UPnP device to

automatically create port mappings in a router without any intervention from the


However, in practice, UPnP is unreliable in many cases. In many business

networks, large and small, UPnP functions are turned off, requiring manual port

forwarding. In consumer use, port mappings may not function properly, may be

added more than once, may conflict with other devices, or may simply not be

added at all. Making things worse, error information is rarely available when

UPnP port mapping fails, leaving the user without any means of troubleshooting.

Because of these reasons, manual port forwarding has proven more reliable in

commercial surveillance, with UPnP typically left to consumer use.

Option 5: Cloud / 'Phone Home'

To eliminate the complexity and potential for errors involved in manual port

forwarding, UPnP, and Dynamic DNS, cloud connections have become more

prevalent. Cloud connections are a form of VPN (sometimes called application

specific VPNs) which requires limited or no user interaction to configure.

Dropcam and Axis AVHS are two prominent examples of this approach.

Cloud connections are generally made via a secure TLS (transport layer security,

an encryption protocol) tunnel, set up via these basic steps (noted on the image


Initiating device sends a HELLO message to request a connection.

Server sends HELLO along with a security certificate.

A handshake is performed and a secure tunnel is set up.

Once the TLS tunnel is in place, data sent through it is encrypted, with

protocol and data specifics obscured (shown only as "application data" in

the example below).


Article: Remote Network access for Video Surveillance
Was this article helpful?
Thank you!