Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1388
  • Last Modified:

printing through the firewall out person able to print inside

I have a cisco ASA firewall that is running 8.4 and I would like to allow users to print on a internal printer either using port lpd or 9100.

object network 4250-out
 host 1.1.1.234
object network 4250-in
 host 192.168.2.23
access-list allowin extended permit tcp any host 1.1.1.234 eq 9100
access-list allowin extended permit tcp any host 1.1.1.234 eq lpd

object network 4250-in
 nat (inside,outside) static 4250-out

access-group allowin in interface outside

I have tried a number of configurations based on examples I have seen in books and on the internet but I can not get users to print through the firewall to printers inside

4250-out is the outside address that is setup on the users pc's that needs to be mapped to 4250-in.  I have also created access-list to open up the ports.  

Any info would be appreciated.

jim
0
bnjrj
Asked:
bnjrj
1 Solution
 
TimotiStDatacenter TechnicianCommented:
If I remember correctly, on the ASA platform the DNAT happens before the ACL is checked. So you'll need to refer to the internal address (192.168.2.23) in the ACL.
And make sure there are no "deny" type ACL entries before your "permit" lines.

Tamas
0
 
bnjrjAuthor Commented:
Yes that was the problem, the difference between pre 8.3 and post 8.3 versions.  I got it to work.

jim
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now