Public IP on Printer inside of PIX Firewall

rbarnes · ‎01-16-2003

How can i have a printer with a public IP address on the inside of my PIX firewall ? I have a client that needs to have a printer on a public IP address so the state and print reports to this printer. Any suggestions.

kevin-reynolds · ‎01-17-2003

All you have to do is

static (inside,outside) PublicIP PrivateIP 0 0

Static will take precedence over any NAT you may have set up. It could look two ways:

If your public range is 88.1.1.0 -

static (inside,outside) 88.1.1.10 88.1.1.10 0 0

or

static (inside,outside) 192.168.1.10 88.1.1.10 0 0

Kevin

tvanginneken · ‎01-17-2003

Hi,

in addition to the 'static' command, you need to create an 'access-list' that allows traffic from the outside to the printer on the inside.

Apply that 'access-list' to the outside interface of the pix with the 'access-group' command.

Please have a look at this URL:

http://www.cisco.com/warp/public/707/28.html

(ignore the outdated 'conduit' examples, but take a closer look to the 'access-list' examples)

Kind Regards,

Tom

jlepich · ‎01-26-2003

Here ya go...

name 207.208.0.1 MyPublicPrinter

name 10.0.0.1 MyPrivatePrinter

static (inside,outside) MyPublicPrinter MyPrivatePrinter netmask 255.255.255.255

access-list outside_access_in permit tcp any host MyPublicPrinter eq portyouwantopen

! if you want to open muliple tcp ports simply make an access-list for each port.

! if you want to open all IP ports use "access-list outside_access_in permit ip any host MyPublicPrinter"

access-group outside_access_in in interface outside

Hope this helps.