Cisco Support Community
Community Member

PIX 501 6.3 limited to 1 JetDirect?

I have a PIX 501 Version 6.3(3) and I have successfully added access for one JetDirect, but when I added a second JetDirect printer on the LAN I am able to print only to one. I have deleted and added in the ACL for both JetDirects, but only the printer showing on top (it's JetDirect2 right now) can print.

Any ideas? Here's the portion of the config:

name JetDirect

name JetDirect2

access-list inside_outbound_nat0_acl permit ip VPNHEADEND

access-list outside_cryptomap_20 permit ip VPNHEADEND

access-list outside_access_in permit ip VPNHEADEND any

access-list outside_access_in permit tcp host MailServer any

access-list outside_access_in permit ip HomeOffc host [outside IP#2]

access-list outside_access_in permit ip HomeOffc host [outside IP#1]

access-list outside_access_in permit ip host [PIX outside IP] any

ip address outside (PIX outside gateway IP) 255.255.255.xx

ip address inside

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0 0

static (inside,outside) [outside IP#2] JetDirect2 netmask 0 0

static (inside,outside) [outside IP#1] JetDirect netmask 0 0

access-group outside_access_in in interface outside

route outside [PIX outside IP] 1

I am using the PDM side to change the config, so there may be a problem with this as well?

Thanks for the help!



Re: PIX 501 6.3 limited to 1 JetDirect?

PIX Firewall Versions 6.3 and higher let you use Media Access Control (MAC) addresses to bypass authentication for devices, such as Cisco IP Phones, that do not support AAA authentication. To use this feature, you identify the MAC addresses on the inside (higher security) interface. The PIX Firewall bypasses the AAA server for traffic that matches using both the MAC address and the IP address that has been dynamically assigned to the MAC address. Authorization services are automatically disabled when you bypass authentication. Accounting records are still generated (if enabled), but the username is not displayed.
