We print to remote printers a lot.
We do NOT give our inside workstations a static address. The printers on the
remote end of course do have public addresses statically assigned. If you
are doing straight TCP/IP printing then this should work fine. The problem
(at least it used to be a problem) used to be that the PIX would not look
inside the datagram and nat any addresses found in the data portion of the
packet which you need to do for netbui or netbios over TCP/IP (Microsoft
mostly). My understanding is that is corrected in the newer PIX codes.
My suggestion would be that if you are using print server set them up for
TCP/IP printing only and set your workstation up for it as well. This is how
we do it.
For straight plain old TCP/IP printing this should be fine!!!
The printer should find it's way back to your workstation because on the way
out YOUR SOURCE address was translated to a public address. When the printer
responds it will be responding to that public address which of course maps
back to your privately addressed workstation.
-----Original Message-----
From: Dennis [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 03, 2001 7:12 PM
To: [EMAIL PROTECTED]
Subject: Re: TCP/IP print through firewall
In addition to the public routable address on the printer, you need a
routable address on the workstation. You can accomplish this with a static
NAT translation on your firewall. Most likely, you currently have one
public address for your entire network for browsing. Hopefully you have a
spare address that you are not using.
Here is what is will look like:
-request from workstation 10.x.x.x sends a print job to printer
100.100.100.100
-request goes to the workstation's gateway router to be routed to the
printer.
-gateway router forwards request to the firewall where the workstation's
10.x.x.x address is translated to a public address from the pool of
addresses that were assigned to your company from your ISP. (This is already
happening if the workstation has Internet access but the address currently
being used for Internet browsing by the workstation is probably the same one
as everyworkstation on your network. This is why you need to put a static
translation on the firewall for this workstation. Same idea as if you have
a webserver or email server with a private address which needs to be
translated at the firewall).
-There is one other possible gotcha--your firewall may need a rule which
allows the remote printer in.
Just my humble opinion.
Let us know how it works out.
"Ole Drews Jensen" <[EMAIL PROTECTED]> wrote in message
2019FB428FD3D311893700508B71EBFB54AE9E@RWR_MAIL_SVR">news:2019FB428FD3D311893700508B71EBFB54AE9E@RWR_MAIL_SVR...
> All this reading about routed protocols and routing protocols makes you
> think you know it all, until you are in front of a new funny situation. I
am
> sure that someone out there can explain this to me real quick and easy, so
> here's my question.
>
> We have a LAN with a private network 10.0.0.0, and from a workstation I
need
> to print to a TCP/IP ready printer at another company, which has a public
> address 100.100.100.100 (this is ofcourse not the real one).
>
> My computer should not have any problems getting routed to that printer
via
> it's default gateway (the firewall), via the firewalls default gateway
(the
> router), via the routers default gateway (our isp), and so on.
>
> BUT, the computer needs a response from the printer so it knows that it's
> there and ready, but when the printer tries to reply to my computer
> 10.1.2.3, it will be dropped by it's default gateway (the other company's
> router), because the 10.0.0.0 network is not routable through the
Internet.
>
> I'm I right, and what would be the thing to do here?
>
> Would I HAVE to do a NAT on my workstation so the printer can reply back
> that way?
>
> Thanks for any comments on this,
>
> Ole
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ole Drews Jensen
> Systems Network Manager
> CCNA, MCSE, MCP+I
> RWR Enterprises, Inc.
> [EMAIL PROTECTED]
> http://www.CiscoKing.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> NEED A JOB ???
> http://www.oledrews.com/job
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
