Allow printing from Lan based network printers to specific computers in DMZ
After having my previous question answered successfully:
https://www.experts-exchange.com/questions/27484317/Internet-access-for-computers-with-2-NICs-sitting-in-DMZ.html
I now need to allow the computers in the DMZ to print to IP printers that are on the regular network. One of them is a Canon (192.168.128.59) and the other is an HP (192.168.128.111). Looking at the print drivers, they are using RAW / 9100.
So far I have tried creating static ROUTEs for both printer IPs...same as was done in the initial setup in the question above. I have also added an ASA dmz rule to allow port 9100.
What else am I missing?
Thank you!
https://www.experts-exchange.com/questions/27484317/Internet-access-for-computers-with-2-NICs-sitting-in-DMZ.html
I now need to allow the computers in the DMZ to print to IP printers that are on the regular network. One of them is a Canon (192.168.128.59) and the other is an HP (192.168.128.111). Looking at the print drivers, they are using RAW / 9100.
So far I have tried creating static ROUTEs for both printer IPs...same as was done in the initial setup in the question above. I have also added an ASA dmz rule to allow port 9100.
What else am I missing?
Thank you!
Robert Sutton Jr
Can any of the computers in question view/discover these networked printers on the LAN? Can you post a sanitized copy of your running config?
ASKER
The current setup consists of:
DMZ computer I am testing on = 192.168.100.50
The computer has the following ROUTE command for communication with a server on the network
ROUTE -p ADD 192.168.128.10 MASK 255.255.255.255 192.168.100.1
(DMZ gateway (ISA) = 192.168.100.1)
I added the same ROUTE commands for the IP addresses of the printers (59, 111)
I have the following for the ASA:
access-list dmz_inside extended permit tcp host 192.168.100.50 any eq 9100
I also have an access rule in ISA to allow all traffic between all the required systems.
DMZ computer I am testing on = 192.168.100.50
The computer has the following ROUTE command for communication with a server on the network
ROUTE -p ADD 192.168.128.10 MASK 255.255.255.255 192.168.100.1
(DMZ gateway (ISA) = 192.168.100.1)
I added the same ROUTE commands for the IP addresses of the printers (59, 111)
I have the following for the ASA:
access-list dmz_inside extended permit tcp host 192.168.100.50 any eq 9100
I also have an access rule in ISA to allow all traffic between all the required systems.
And you have the following command entered(Im assuming)?
access-group DMZ_inside in interface DMZ
access-group DMZ_inside in interface DMZ
ASKER
yes
it is only a question of what is needed to get the printing to work...the setup is fine otherwise.
Thanks!
it is only a question of what is needed to get the printing to work...the setup is fine otherwise.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How so? They are coming in from your trusted network(Inside).
ASKER
Just a general concern that I inadvertently open a security hole since this is not my area of expertise.
Thanks
Thanks
ASKER
I got it working by using advice that I found in other threads