Accessing rinter on inside of ASA

Answered Question
Jul 25th, 2008
User Badges:

I have a ASA 5505 with an inside netowk of 10.xx.180.0, and an outside network of Now the ouside server has to be bale to printer to a printer on the inside for daily reports.

should I just nat the inside IP to the a outside IP.

What would be best practise here. I don't want to comprimise inside network?

Can some help me out?


Mike Williams

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Farrukh Haroon Sat, 07/26/2008 - 03:11
User Badges:
  • Red, 2250 points or more

If it is a newer HP printer, you can use 'Jet-Direct' to connect to the printer using TCP. I think its port 9100.



michael.m.williams Tue, 07/29/2008 - 05:02
User Badges:

I still can't map the printer on the inside interface from the ouside. I added the following statement

static (inside,outside) netmask tcp 1 0

Then I addedd the ouside server to allow enterance on ouside interface but still can not see it.

I tryied to ping but I alway get denied. Can you ping from a lower security interface to a higher one?

access-list outside_access_in extended permit icmp any

Can't get it to work.


michael.m.williams Tue, 07/29/2008 - 09:07
User Badges:

Here is me config.

Is the security level wrong on my interface? I have 0 on the outside and 100 on the inside. These were the defaults.



michael.m.williams Wed, 07/30/2008 - 05:04
User Badges:

The server that needs to access the inside printer is VMS5_Banner witch is part of the Allowed_Out Policy group and here is the acl for that (well I thught it was)

access-list outside_access_in extended permit ip object-group Allowed_Out object-group Allowed_Int

and the inside subnet is part of the Allowed_in.

Did I do it correctly.


michael.m.williams Wed, 07/30/2008 - 07:58
User Badges:

You were right. After I add the permission for the (VMS5-BANNER)

access-list outside_access_in extended permit ip host VMS5_BANNER host

Life is good. It works!




This Discussion