Accessing rinter on inside of ASA

Answered Question
Jul 25th, 2008
User Badges:

I have a ASA 5505 with an inside netowk of 10.xx.180.0, and an outside network of xxx.xxx.23.170. Now the ouside server has to be bale to printer to a printer on the inside for daily reports.

should I just nat the inside IP to the a outside IP.


What would be best practise here. I don't want to comprimise inside network?


Can some help me out?


Thanks


Mike Williams

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Farrukh Haroon Sat, 07/26/2008 - 03:11
User Badges:
  • Red, 2250 points or more

If it is a newer HP printer, you can use 'Jet-Direct' to connect to the printer using TCP. I think its port 9100.


Regards


Farrukh

michael.m.williams Tue, 07/29/2008 - 05:02
User Badges:

I still can't map the printer on the inside interface from the ouside. I added the following statement


static (inside,outside) xxx.xxx.120.103 10.xxx.180.103 netmask 255.255.255.255 tcp 1 0


Then I addedd the ouside server to allow enterance on ouside interface but still can not see it.


I tryied to ping but I alway get denied. Can you ping from a lower security interface to a higher one?


access-list outside_access_in extended permit icmp xxx.xxx.21.0 255.255.255.128 any


Can't get it to work.


Mike


michael.m.williams Tue, 07/29/2008 - 09:07
User Badges:

Here is me config.


Is the security level wrong on my interface? I have 0 on the outside and 100 on the inside. These were the defaults.


thanks


mike



Attachment: 
michael.m.williams Wed, 07/30/2008 - 05:04
User Badges:

The server that needs to access the inside printer is


xxx.xxx.23.170 VMS5_Banner witch is part of the Allowed_Out Policy group and here is the acl for that (well I thught it was)


access-list outside_access_in extended permit ip object-group Allowed_Out object-group Allowed_Int


and the inside subnet is part of the Allowed_in.


Did I do it correctly.


Mike

michael.m.williams Wed, 07/30/2008 - 07:58
User Badges:

You were right. After I add the permission for the xxx.xxx.23.170 (VMS5-BANNER)


access-list outside_access_in extended permit ip host VMS5_BANNER host xxx.xxx.120.103


Life is good. It works!


Thanks


mike

Actions

This Discussion