Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
5
Helpful
1
Replies

Printing through PIX 501

rmeder
Level 1
Level 1

‎12-23-2004 11:51 AM - edited ‎02-20-2020 11:49 PM

I have a server on the inside interface that I need to have printing to a printer on the outside interface. It was working fine, but has somehow quit working. No errors are showing up in the syslog, so I was hoping that someone would take a quick look at my current config and let me know if a problem exists.

Current config:

PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password XXXXXX encrypted

passwd XXXXXX encrypted

hostname PIX-2

domain-name nexstore.internal

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

name 10.0.X.100 IBM_POS_Server

name 192.168.X.93 HP_4350

access-list inside_access_in permit icmp host IBM_POS_Server any

access-list inside_access_in permit tcp host IBM_POS_Server eq lpd host HP_4350 eq lpd

access-list outside_access_in permit icmp any host IBM_POS_Server

access-list outside_access_in permit tcp any gt 1023 host IBM_POS_Server eq telnet

pager lines 24

logging on

logging trap informational

logging host outside 192.168.X.10

icmp permit any outside

icmp permit any inside

mtu outside 1500

mtu inside 1500

ip address outside 192.168.X.2 255.255.255.0

ip address inside 10.0.X.2 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location 204.x.x.x.255.255.255 inside

pdm location 192.168.X.11 255.255.255.255 outside

pdm location IBM_POS_Server 255.255.255.255 inside

pdm location 192.168.X.10 255.255.255.255 outside

pdm location HP_4350 255.255.255.255 outside

pdm location HP_4350 255.255.255.255 inside

pdm logging debugging 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) IBM_POS_Server IBM_POS_Server netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

route inside IBM_POS_Server 255.255.255.255 10.0.X.2 1

route inside 204.90.X.225 255.255.255.255 10.0.X.1 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.X.11 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxxx

: end

Thanks for any assistance!

Regards,

Rick

0 Helpful
1 Reply 1

nkhawaja
Cisco Employee
Cisco Employee

‎12-23-2004 04:34 PM

Hi,

I have doubt about this access-list

access-list inside_access_in permit tcp host IBM_POS_Server eq lpd host HP_4350 eq lpd

could you add another entry there like this

access-list inside_access_in permit tcp host IBM_POS_Server host HP_4350 eq lpd

thanks

Nadeem

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card