I have a situation where a user on a vlan needs to recieve scanned items from a large multifunction copier/printer/scanner to a file share on his computer. Here is the scenario: Using SMB, the copier is able to see shared folders that reside on the network. Folks are able to scan documents directly to these shared folders on their computers. The problem is that users on a different vlan would like that functionality as well but obviously cannot because the ASA does not allow that traffic to pass. With that said, is there a way to allow SMB through the ASA to a different vlan? For example, the copier is on 192.168.1.x and the PC on 192.168.20.x.
John, the question for you would be: Where, does 192.168.x and 192.168.20.x seats in relation to ASA firewall inside interface, are there subnets being routed through ASA meaning does 192.168.1.x and 192.168.20.x have unique interface in firewall? if this is so you should be able to permision smb tcp 139 and/or netbios ports.
Anyways, provide some more information these two subnets topology.
Ok, so printer is in vlan 1 subnet 192.168.1.x , and you have vlan 5 svi confiured, if so what is the security level of vlan 5 192.168.20.x in asa?
if I understand this correcty both subnets then are routed by asa5505 , and I suspect they are both using same sec level if so both nets should be able to talk to each other without any access rules as long you have same-security-traffic permit inter-interface statemet in firewall, any traffic including udp/tcp traffic should flow without the use of acls, please confirm this is the scenario.
vlan 5 has a security level of 5 and the native vlan 100. I have a NAT rule setup so that the folks on the 5 vlan can print to the printer on the natvie vlan (192.168.1.x) however, file sharing from the printer to the PC does not work. Here are the nat rules:
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...