Firewall – Allow access to printer between interfaces on Cisco ASA5510

cisco-asa firewall routing

I have a Cisco ASA5510 where we have to separate networks on two separate interfaces.

The networks should have nothing to do with each other except that network B needs to access a printer on network A.

Network A: 192.168.137.0/24
Printer: 192.168.137.20 
Network B: 192.168.0.0/24

I've added an incoming rule from Network A to the Printer IP in the ASDM interface, but clients can't print.

Our previous router was configured to let traffic through, so the clients on Network B are already configured, so I think it should work if traffic is allowed.

How do I let clients on Network B communicate with the printer?

UPDATE:

Found the following in the firewall log (thanks to resmon6):

%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse
flows; Connection protocol src
interface_name:source_address/source_port [(idfw_user)] dst
interface_name:dst_address/dst_port [(idfw_user)] denied due to NAT
reverse path failure. An attempt to connect to a mapped host using its
actual address was rejected.

I'm new to ASA, so please bear with me. I guess I should add a NAT rule in Configuration > Firewall > NAT Rules, but what settings should it have to allow only the printer to be translated?

UPDATE 2:

These are the current NAT rules:

Result of the command: "show run nat"

nat (NetworkA) 101 0.0.0.0 0.0.0.0
nat (NetworkB) 101 0.0.0.0 0.0.0.0
nat (NetworkC) 101 0.0.0.0 0.0.0.0



Result of the command: "show run global"

global (outside) 101 interface



Result of the command: "show run static"

The command has been sent to the device

Best Answer

You should look at the firewall logs when you are trying to print to the server to see if you're missing any ACL rules. A good way to do this is in ASDM under the Monitoring > Logging section.

edit:
You need to add a static NAT translation from NetworkA to NetworkB for that printer. The CLI command for this would be:

static (NetworkA,NetworkB) 192.168.137.20 192.168.137.20 netmask 255.255.255.255
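
The following is an added example, not part of the original answer: the identity static from the answer combined with an ACL that limits Network B to the printer only, plus a `packet-tracer` check. The ACL name `NETWORKB_IN`, the printing port (raw TCP 9100), the client address 192.168.0.50 and the non-printer host 192.168.137.21 are assumptions.

```cisco
! Added example, pre-8.3 NAT syntax to match the "show run nat" output above.
! Identity static from the answer: the printer is reachable from NetworkB
! under its real address, so return traffic no longer matches the dynamic
! "nat (NetworkA) 101" rule and the 305013 reverse-path failure goes away.
static (NetworkA,NetworkB) 192.168.137.20 192.168.137.20 netmask 255.255.255.255

! ACL name is hypothetical. If an ACL is already bound to NetworkB,
! add these entries to it instead of binding a new one.
! Assumption: clients print over raw TCP 9100; use 515 (LPD) or 631 (IPP)
! if that is what the print queues are configured for.
access-list NETWORKB_IN extended permit tcp 192.168.0.0 255.255.255.0 host 192.168.137.20 eq 9100
! Everything else from Network B to Network A stays blocked.
access-list NETWORKB_IN extended deny ip 192.168.0.0 255.255.255.0 192.168.137.0 255.255.255.0
! Assumption: Network B keeps its remaining access (e.g. Internet);
! tighten this line to fit your policy.
access-list NETWORKB_IN extended permit ip 192.168.0.0 255.255.255.0 any
access-group NETWORKB_IN in interface NetworkB

! Verification, run from privileged EXEC mode (not config mode).
! 192.168.0.50 is a constructed client address on Network B.
! Flow 1: client to printer on the print port.
packet-tracer input NetworkB tcp 192.168.0.50 1025 192.168.137.20 9100
! Flow 2: client to another (constructed) host on Network A.
packet-tracer input NetworkB tcp 192.168.0.50 1025 192.168.137.21 445
```

Compare the final result of the two `packet-tracer` runs: only the flow to the printer should be allowed, and the phase list shows whether the NAT or the access-list step made the decision.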