Solved

printing through the firewall out person able to print inside

Posted on 2012-04-05
2
1,232 Views
Last Modified: 2012-04-13
I have a cisco ASA firewall that is running 8.4 and I would like to allow users to print on a internal printer either using port lpd or 9100.

object network 4250-out
 host 1.1.1.234
object network 4250-in
 host 192.168.2.23
access-list allowin extended permit tcp any host 1.1.1.234 eq 9100
access-list allowin extended permit tcp any host 1.1.1.234 eq lpd

object network 4250-in
 nat (inside,outside) static 4250-out

access-group allowin in interface outside

I have tried a number of configurations based on examples I have seen in books and on the internet but I can not get users to print through the firewall to printers inside

4250-out is the outside address that is setup on the users pc's that needs to be mapped to 4250-in.  I have also created access-list to open up the ports.  

Any info would be appreciated.

jim
0
Comment
Question by:bnjrj
2 Comments
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37841490
If I remember correctly, on the ASA platform the DNAT happens before the ACL is checked. So you'll need to refer to the internal address (192.168.2.23) in the ACL.
And make sure there are no "deny" type ACL entries before your "permit" lines.

Tamas
0
 

Author Closing Comment

by:bnjrj
ID: 37843763
Yes that was the problem, the difference between pre 8.3 and post 8.3 versions.  I got it to work.

jim
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question