Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 501 6.3 limited to 1 JetDirect?

I have a PIX 501 Version 6.3(3) and I have successfully added access for one JetDirect, but when I added a second JetDirect printer on the LAN I am able to print only to one. I have deleted and added in the ACL for both JetDirects but only the printer showing on top (its JetDirect2 right now) can print.

Any Ideas? here's the portion of the config:

name 10.10.3.11 JetDirect

name 10.10.3.12 JetDirect2

access-list inside_outbound_nat0_acl permit ip 192.168.3.0 255.255.255.0 VPNHEADEND 255.255.255.0

access-list outside_cryptomap_20 permit ip 192.168.3.0 255.255.255.0 VPNHEADEND 255.255.255.0

access-list outside_access_in permit ip VPNHEADEND 255.255.255.0 any

access-list outside_access_in permit tcp host MailServer any

access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#2]

access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#1]

access-list outside_access_in permit ip host [PIX outside IP] any

ip address outside (PIX outside gateway IP) 255.255.255.xx

ip address inside 10.10.3.203 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) [outside IP#2] JetDirect2 netmask 255.255.255.255 0 0

static (inside,outside) [outside IP#1] JetDirect netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 [PIX outside IP] 1

I am using the PDM side to change the config, so there may be a problem with this as well?

thanks for the help!

crgm

1 REPLY
Bronze

Re: PIX 501 6.3 limited to 1 JetDirect?

PIX Firewall Versions 6.3 and higher let you use Media Access Control (MAC) addresses to bypass authentication for devices, such as Cisco IP Phones, that do not support AAA authentication. To use this feature, you identify the MAC addresses on the inside (higher security) interface. The PIX Firewall bypasses the AAA server for traffic that matches using both the MAC address and the IP address that has been dynamically assigned to the MAC address. Authorization services are automatically disabled when you bypass authentication. Accounting records are still generated (if enabled), but the username is not displayed.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#1131354

114
Views
0
Helpful
1
Replies
CreatePlease to create content