12-03-2016 12:27 PM - edited 03-12-2019 01:37 AM
I have a wireless AP connected to a Cisco 5505 ASA on port eth0/6 and the internet connected to int eth0/0.
The wireless AP gets its IP address via DHCP.
I also have a wireless printer with an IP address of 10.0.1.10 configured and the Gateway is 10.0.1.1.
I can ping the wireless printer from my desktop and from the ASA.
I can access the internet.
What I can't seem to do is print to the printer.
I did have a Meraki setup in place and was able to print with no issues but the license expired on the Meraki equipment so I wanted to use a Cisco ASA 5505 that I had.
Not sure why I can ping the printer but not print to it.
What am I missing?
Here is the ASA config.
ciscoasa# show run
: Saved
:
ASA Version 8.2(4)
!
hostname ciscoasa
enable password
passwd
names
!
interface Ethernet0/0
description internet
switchport access vlan 2
!
interface Ethernet0/1
shutdown
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
description Aruba AP
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 10.0.1.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.0.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.0.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.0.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 8.8.8.8
!
dhcpd address 10.0.1.100-10.0.1.131 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username xxxx password xxxxxxx encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a0ece5e4fa074ef7645d05fee4dce0be
: end
Thanks,
Mike
12-03-2016 02:21 PM
I am trying to think what makes you think that it's an issue with the firewall. I am assuming that your (wireless) laptop and the wireless printer are on the same subnet. Why would the traffic go through the firewall?
12-06-2016 04:03 AM
I actually did not think it was the Firewall but wanted to make sure I did not miss something or have something that I did not see that was blocking something.
Odd part is I put my Meraki gear back in place, switch and firewall with the same AP and printing worked with no problem and nothing was changed on the AP or printer. So the only difference is in the Meraki setup I have a Meraki switch that the AP is connected to and in the other setup I have the AP directly connected to the ASA. I think I am just missing something stupid.
Thanks
Mike
12-06-2016 05:20 AM
Hi there,
You mentioned that you are able to ping the wireless IP from the laptop; that means connectivity is there. You may have already checked it, but can you confirm that you are mapped to the right address? When you changed the setup, your printer might have received a new IP, but you may still be mapped to the old address. Under printer properties and then ports, you should see whether the address the printer is using is the one you are mapped to, or just remap it.