Solved

printing through the firewall out person able to print inside

Posted on 2012-04-05
2
1,210 Views
Last Modified: 2012-04-13
I have a cisco ASA firewall that is running 8.4 and I would like to allow users to print on a internal printer either using port lpd or 9100.

object network 4250-out
 host 1.1.1.234
object network 4250-in
 host 192.168.2.23
access-list allowin extended permit tcp any host 1.1.1.234 eq 9100
access-list allowin extended permit tcp any host 1.1.1.234 eq lpd

object network 4250-in
 nat (inside,outside) static 4250-out

access-group allowin in interface outside

I have tried a number of configurations based on examples I have seen in books and on the internet but I can not get users to print through the firewall to printers inside

4250-out is the outside address that is setup on the users pc's that needs to be mapped to 4250-in.  I have also created access-list to open up the ports.  

Any info would be appreciated.

jim
0
Comment
Question by:bnjrj
2 Comments
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37841490
If I remember correctly, on the ASA platform the DNAT happens before the ACL is checked. So you'll need to refer to the internal address (192.168.2.23) in the ACL.
And make sure there are no "deny" type ACL entries before your "permit" lines.

Tamas
0
 

Author Closing Comment

by:bnjrj
ID: 37843763
Yes that was the problem, the difference between pre 8.3 and post 8.3 versions.  I got it to work.

jim
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now