Solved

printing through the firewall out person able to print inside

Posted on 2012-04-05
2
1,189 Views
Last Modified: 2012-04-13
I have a cisco ASA firewall that is running 8.4 and I would like to allow users to print on a internal printer either using port lpd or 9100.

object network 4250-out
 host 1.1.1.234
object network 4250-in
 host 192.168.2.23
access-list allowin extended permit tcp any host 1.1.1.234 eq 9100
access-list allowin extended permit tcp any host 1.1.1.234 eq lpd

object network 4250-in
 nat (inside,outside) static 4250-out

access-group allowin in interface outside

I have tried a number of configurations based on examples I have seen in books and on the internet but I can not get users to print through the firewall to printers inside

4250-out is the outside address that is setup on the users pc's that needs to be mapped to 4250-in.  I have also created access-list to open up the ports.  

Any info would be appreciated.

jim
0
Comment
Question by:bnjrj
2 Comments
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37841490
If I remember correctly, on the ASA platform the DNAT happens before the ACL is checked. So you'll need to refer to the internal address (192.168.2.23) in the ACL.
And make sure there are no "deny" type ACL entries before your "permit" lines.

Tamas
0
 

Author Closing Comment

by:bnjrj
ID: 37843763
Yes that was the problem, the difference between pre 8.3 and post 8.3 versions.  I got it to work.

jim
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now