I have a ASA 5505 with Security Plus license running IOS 9.0(2). I need to print from computers on one VLAN to a printer on a different VLAN. Both VLANs are configured on the same ASA. The VLAN network I need to print from is also configured on an Aironet WiFi access point. This VLAN is a guest wireless. The VLAN with the printer I need to print to is the inside VLAN. I would like to only allow access to the printer.
I have only one ACL for the guest VLAN and that is for blocking outgoing SMTP. Thank you for replying however, I don't feel configuring the ACL is the answer. I've uploaded a copy of the ASA config file.
You are right, your guests already have full access to your internal network. But as you write that you only want to allow traffic to the printer, that's probably not what you wanted. To change that you have to replace the second line in the "Outbound-Guest" ACL with specific permit entries.
But again, printing should work with this config.
Although one problem could be caused by your NAT-config. You can replace the line
nat (inside,any) source static any any destination static obj-172.16.1.0 obj-172.16.1.0 no-proxy-arp
nat (inside,outside) source static any any destination static obj-172.16.1.0 obj-172.16.1.0 no-proxy-arp route-lookup
If you only test with PING, then you should make ICMP statefully inspected:
Community Live Event Video
Are you ready to level up your security? Learn more about how Cisco SecureX can help you simplify your security and maximize operational efficiency.
This event talks about Cisco SecureX, its benefits, features, and usage. Th...
Hi all,I cannot understand why is something working very well they create a way to complicate things in Cisco ASA OS. I have a rule :object network LOCAL_ADRESS1 host 192.168.20.12 nat (VLAN20,outside) source static LOCAL_ADRESS1 interface&...
It is our pleasure to officially announce the finalists in the 2021 IT Blog Awards. We are now looking to our amazing tech community to check out the amazing line up of bloggers, vloggers and podcasters. Make sure to vote for your favorites...
Community Live Event Slides
This event talks about Cisco SecureX, its benefits, features, and usage. The session includes sample use cases and live demonstrations.
Cisco expert Luis Silva talks about how this solution can integrate Cisco technology and ...
Hello All, Recently I got an opportunity to perform POC with Cisco ISE (2.7 Patch 4) and Aruba Wireless AP (IAP) to perform 802.1x EAP-FAST (machine + user) authentication followed by Posture Assessment on Windows 10 Machines (installed with AnyConnect 4....