I have a ASA 5505 with an inside netowk of 10.xx.180.0, and an outside network of xxx.xxx.23.170. Now the ouside server has to be bale to printer to a printer on the inside for daily reports.
should I just nat the inside IP to the a outside IP.
What would be best practise here. I don't want to comprimise inside network?
Can some help me out?
Solved! Go to Solution.
I still can't map the printer on the inside interface from the ouside. I added the following statement
static (inside,outside) xxx.xxx.120.103 10.xxx.180.103 netmask 255.255.255.255 tcp 1 0
Then I addedd the ouside server to allow enterance on ouside interface but still can not see it.
I tryied to ping but I alway get denied. Can you ping from a lower security interface to a higher one?
access-list outside_access_in extended permit icmp xxx.xxx.21.0 255.255.255.128 any
Can't get it to work.
The server that needs to access the inside printer is
xxx.xxx.23.170 VMS5_Banner witch is part of the Allowed_Out Policy group and here is the acl for that (well I thught it was)
access-list outside_access_in extended permit ip object-group Allowed_Out object-group Allowed_Int
and the inside subnet is part of the Allowed_in.
Did I do it correctly.
You were right. After I add the permission for the xxx.xxx.23.170 (VMS5-BANNER)
access-list outside_access_in extended permit ip host VMS5_BANNER host xxx.xxx.120.103
Life is good. It works!