07-25-2008 12:53 PM - edited 03-11-2019 06:20 AM
I have a ASA 5505 with an inside netowk of 10.xx.180.0, and an outside network of xxx.xxx.23.170. Now the ouside server has to be bale to printer to a printer on the inside for daily reports.
should I just nat the inside IP to the a outside IP.
What would be best practise here. I don't want to comprimise inside network?
Can some help me out?
Thanks
Mike Williams
Solved! Go to Solution.
07-30-2008 12:42 AM
Mike,
I cannot see in the acl "outside_access_in" where you are allowing IP or TCP access from the external server to the internet printer, on the NAT address?
07-25-2008 03:32 PM
Mike,
Simply - attach a printer to the server or, bring the server from the outside into the inside!
HTH>
07-26-2008 03:11 AM
If it is a newer HP printer, you can use 'Jet-Direct' to connect to the printer using TCP. I think its port 9100.
Regards
Farrukh
07-29-2008 05:02 AM
I still can't map the printer on the inside interface from the ouside. I added the following statement
static (inside,outside) xxx.xxx.120.103 10.xxx.180.103 netmask 255.255.255.255 tcp 1 0
Then I addedd the ouside server to allow enterance on ouside interface but still can not see it.
I tryied to ping but I alway get denied. Can you ping from a lower security interface to a higher one?
access-list outside_access_in extended permit icmp xxx.xxx.21.0 255.255.255.128 any
Can't get it to work.
Mike
07-29-2008 06:40 AM
Mike,
Post your config - sanitised of course.
HTH>
07-29-2008 09:07 AM
07-30-2008 12:42 AM
Mike,
I cannot see in the acl "outside_access_in" where you are allowing IP or TCP access from the external server to the internet printer, on the NAT address?
07-30-2008 05:04 AM
The server that needs to access the inside printer is
xxx.xxx.23.170 VMS5_Banner witch is part of the Allowed_Out Policy group and here is the acl for that (well I thught it was)
access-list outside_access_in extended permit ip object-group Allowed_Out object-group Allowed_Int
and the inside subnet is part of the Allowed_in.
Did I do it correctly.
Mike
07-30-2008 05:10 AM
That looks OK now you have explained the object names.
Looks like it should work, as you sure the printer has IP connectivity?
07-30-2008 07:58 AM
You were right. After I add the permission for the xxx.xxx.23.170 (VMS5-BANNER)
access-list outside_access_in extended permit ip host VMS5_BANNER host xxx.xxx.120.103
Life is good. It works!
Thanks
mike
07-30-2008 08:00 AM
np - glad to help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide