Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Does the PIX have a problem handling PSH ACK TCP?

I have a problem currently with printing through a PIX firewall. The traffic is outbound through a PIX 525 and is a TCP connection on destination port 9100.

Packet capture has shown the TCP handshake to be SYN, SYN ACK, ACK then PSH ACK, and I cannot get the print to work.

I google'd "printing 9100 PIX" and found a couple of relevant results which point to the PIX dropping this type of traffic as a security risk.

Is this the case, and if so, as it is very legitimate traffic, what can be done to solve it ?

Any ideas please?

Many thanks

Phil Stephenson

4 REPLIES
Cisco Employee

Re: Does the PIX have a problem handling PSH ACK TCP?

Phil,

Can you share the packet captures (pcap format, 1500 bytes), software version of PIX, logg message displayed when PIX is dropping this packet.

Marcin

Cisco Employee

Re: Does the PIX have a problem handling PSH ACK TCP?

Pls. enable logging as well and see what the syslogs say.

conf t

loggin on

logging buffered 7

exit

sh logg | i x.x.x.x

where x.x.x.x is the printer ip

-KS

Community Member

Re: Does the PIX have a problem handling PSH ACK TCP?

also let us know how printer is connected and if any Fp servers are used.

Community Member

Re: Does the PIX have a problem handling PSH ACK TCP?

I have this same problem. Have you found a solution?

Edit...Eureka! All I needed to do was "clear xlate" for it to pick up my new configuration. Now it works. Sorry, I'm new at this.

680
Views
0
Helpful
4
Replies
CreatePlease to create content