01-16-2003 06:43 PM - edited 02-20-2020 10:30 PM
How can i have a printer with a public IP address on the inside of my PIX firewall ? I have a client that needs to have a printer on a public IP address so the state and print reports to this printer. Any suggestions.
01-17-2003 10:48 AM
All you have to do is
static (inside,outside) PublicIP PrivateIP 0 0
Static will take precedence over any NAT you may have set up. It could look two ways:
If your public range is 88.1.1.0 -
static (inside,outside) 88.1.1.10 88.1.1.10 0 0
or
static (inside,outside) 192.168.1.10 88.1.1.10 0 0
Kevin
01-17-2003 04:55 PM
Hi,
in addition to the 'static' command, you need to create an 'access-list' that allows traffic from the outside to the printer on the inside.
Apply that 'access-list' to the outside interface of the pix with the 'access-group' command.
Please have a look at this URL:
http://www.cisco.com/warp/public/707/28.html
(ignore the outdated 'conduit' examples, but take a closer look to the 'access-list' examples)
Kind Regards,
Tom
01-26-2003 05:08 PM
Here ya go...
name 207.208.0.1 MyPublicPrinter
name 10.0.0.1 MyPrivatePrinter
static (inside,outside) MyPublicPrinter MyPrivatePrinter netmask 255.255.255.255
access-list outside_access_in permit tcp any host MyPublicPrinter eq portyouwantopen
! if you want to open muliple tcp ports simply make an access-list for each port.
! if you want to open all IP ports use "access-list outside_access_in permit ip any host MyPublicPrinter"
access-group outside_access_in in interface outside
Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide