• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 627
  • Last Modified:

Allow printing from Lan based network printers to specific computers in DMZ

After having my previous question answered successfully:

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_27484317.html

I now need to allow the computers in the DMZ to print to IP printers that are on the regular network.  One of them is a Canon (192.168.128.59) and the other is an HP (192.168.128.111).  Looking at the print drivers, they are using RAW / 9100.

So far I have tried creating static ROUTEs for both printer IPs...same as was done in the initial setup in the question above.  I have also added an ASA dmz rule to allow port 9100.

What else am I missing?

Thank you!
0
lor1974
Asked:
lor1974
  • 5
  • 3
1 Solution
 
Robert Sutton JrSenior Network ManagerCommented:
Can any of the computers in question view/discover these networked printers on the LAN? Can you post a sanitized copy of your running config?
0
 
lor1974Author Commented:
The current setup consists of:

DMZ computer I am testing on = 192.168.100.50

The computer has the following ROUTE command for communication with a server on the network

ROUTE -p ADD 192.168.128.10 MASK 255.255.255.255 192.168.100.1
(DMZ gateway (ISA) = 192.168.100.1)

I added the same ROUTE commands for the IP addresses of the printers (59, 111)

I have the following for the ASA:

access-list dmz_inside extended permit tcp host 192.168.100.50 any eq 9100

I also have an access rule in ISA to allow all traffic between all the required systems.








0
 
Robert Sutton JrSenior Network ManagerCommented:
And you have the following command entered(Im assuming)?
access-group DMZ_inside in interface DMZ
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
lor1974Author Commented:
yes

it is only a question of what is needed to get the printing to work...the setup is fine otherwise.

Thanks!
0
 
lor1974Author Commented:
I got it working by adding a static (inside,dmz) command for each printer ip & and a permit ip any host rule for the printer addresses.

My concern now is that permit ip rule is a security hole.
0
 
Robert Sutton JrSenior Network ManagerCommented:
How so? They are coming in from your trusted network(Inside).
0
 
lor1974Author Commented:
Just a general concern that I inadvertently open a security hole since this is not my area of expertise.

Thanks
0
 
lor1974Author Commented:
I got it working by using advice that I found in other threads
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now