Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Accessing rinter on inside of ASA

I have a ASA 5505 with an inside netowk of 10.xx.180.0, and an outside network of xxx.xxx.23.170. Now the ouside server has to be bale to printer to a printer on the inside for daily reports.

should I just nat the inside IP to the a outside IP.

What would be best practise here. I don't want to comprimise inside network?

Can some help me out?

Thanks

Mike Williams

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Accessing rinter on inside of ASA

Mike,

I cannot see in the acl "outside_access_in" where you are allowing IP or TCP access from the external server to the internet printer, on the NAT address?

10 REPLIES

Re: Accessing rinter on inside of ASA

Mike,

Simply - attach a printer to the server or, bring the server from the outside into the inside!

HTH>

Re: Accessing rinter on inside of ASA

If it is a newer HP printer, you can use 'Jet-Direct' to connect to the printer using TCP. I think its port 9100.

Regards

Farrukh

Re: Accessing rinter on inside of ASA

I still can't map the printer on the inside interface from the ouside. I added the following statement

static (inside,outside) xxx.xxx.120.103 10.xxx.180.103 netmask 255.255.255.255 tcp 1 0

Then I addedd the ouside server to allow enterance on ouside interface but still can not see it.

I tryied to ping but I alway get denied. Can you ping from a lower security interface to a higher one?

access-list outside_access_in extended permit icmp xxx.xxx.21.0 255.255.255.128 any

Can't get it to work.

Mike

Re: Accessing rinter on inside of ASA

Mike,

Post your config - sanitised of course.

HTH>

Re: Accessing rinter on inside of ASA

Here is me config.

Is the security level wrong on my interface? I have 0 on the outside and 100 on the inside. These were the defaults.

thanks

mike

Re: Accessing rinter on inside of ASA

Mike,

I cannot see in the acl "outside_access_in" where you are allowing IP or TCP access from the external server to the internet printer, on the NAT address?

Re: Accessing rinter on inside of ASA

The server that needs to access the inside printer is

xxx.xxx.23.170 VMS5_Banner witch is part of the Allowed_Out Policy group and here is the acl for that (well I thught it was)

access-list outside_access_in extended permit ip object-group Allowed_Out object-group Allowed_Int

and the inside subnet is part of the Allowed_in.

Did I do it correctly.

Mike

Re: Accessing rinter on inside of ASA

That looks OK now you have explained the object names.

Looks like it should work, as you sure the printer has IP connectivity?

Re: Accessing rinter on inside of ASA

You were right. After I add the permission for the xxx.xxx.23.170 (VMS5-BANNER)

access-list outside_access_in extended permit ip host VMS5_BANNER host xxx.xxx.120.103

Life is good. It works!

Thanks

mike

Re: Accessing rinter on inside of ASA

np - glad to help.

128
Views
0
Helpful
10
Replies