
PIX 501 6.3 limited to 1 JetDirect?

crgmdallas
Level 1

I have a PIX 501 Version 6.3(3) and I have successfully added access for one JetDirect, but when I added a second JetDirect printer on the LAN I am able to print only to one. I have deleted and added in the ACL for both JetDirects but only the printer showing on top (it's JetDirect2 right now) can print.

Any ideas? Here's the portion of the config:

name 10.10.3.11 JetDirect

name 10.10.3.12 JetDirect2

access-list inside_outbound_nat0_acl permit ip 192.168.3.0 255.255.255.0 VPNHEADEND 255.255.255.0

access-list outside_cryptomap_20 permit ip 192.168.3.0 255.255.255.0 VPNHEADEND 255.255.255.0

access-list outside_access_in permit ip VPNHEADEND 255.255.255.0 any

access-list outside_access_in permit tcp host MailServer any

access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#2]

access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#1]

access-list outside_access_in permit ip host [PIX outside IP] any

ip address outside (PIX outside gateway IP) 255.255.255.xx

ip address inside 10.10.3.203 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) [outside IP#2] JetDirect2 netmask 255.255.255.255 0 0

static (inside,outside) [outside IP#1] JetDirect netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 [PIX outside IP] 1

I am using the PDM side to change the config, so there may be a problem with this as well?

Thanks for the help!

crgm
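
As an added example (not part of the original post and not Cisco tooling), this Python sketch cross-references each `static` in the posted config with the entries of the ACL bound to the outside interface, so the two printers' rules can be compared side by side. It assumes ACL entries without port operators, as in the post; the function names are hypothetical.

```python
import re

# Lines copied from the posted config; bracketed placeholders are kept as posted.
CONFIG = """\
access-list outside_access_in permit ip VPNHEADEND 255.255.255.0 any
access-list outside_access_in permit tcp host MailServer any
access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#2]
access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#1]
access-list outside_access_in permit ip host [PIX outside IP] any
static (inside,outside) [outside IP#2] JetDirect2 netmask 255.255.255.255 0 0
static (inside,outside) [outside IP#1] JetDirect netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

def tokens(line):
    # A bracketed placeholder such as "[outside IP#1]" counts as one token.
    return re.findall(r"\[[^\]]*\]|\S+", line)

def take_addr(tok, i):
    """Read 'any', 'host X' or 'X MASK' at tok[i]; return (spec, next index)."""
    if tok[i] == "any":
        return ("any",), i + 1
    return (tok[i], tok[i + 1]), i + 2

def audit(config, interface="outside"):
    """Map each static's inside host to the ACL entries that can reach it."""
    acls, statics, bound = {}, [], None
    for line in config.splitlines():
        t = tokens(line) or [""]
        if t[0] == "access-list" and len(t) > 4 and t[2] in ("permit", "deny"):
            src, i = take_addr(t, 4)
            dst, _ = take_addr(t, i)
            acls.setdefault(t[1], []).append((t[2], t[3], src, dst))
        elif t[0] == "static":
            statics.append((t[2], t[3]))  # (mapped address, inside host)
        elif t[0] == "access-group" and t[-1] == interface:
            bound = t[1]
    report = {}
    for mapped, real in statics:
        report[real] = [e for e in acls.get(bound, [])
                        if e[3] in (("any",), ("host", mapped))]
    return report

if __name__ == "__main__":
    for host, entries in audit(CONFIG).items():
        print(host)
        for action, proto, src, dst in entries:
            print("   ", action, proto, " ".join(src), "->", " ".join(dst))
```

For the posted lines, each printer is reached by one host-specific `permit ip` entry from HomeOffc plus the three entries whose destination is `any`.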

1 Reply

vmoopeung
Level 5

PIX Firewall Versions 6.3 and higher let you use Media Access Control (MAC) addresses to bypass authentication for devices, such as Cisco IP Phones, that do not support AAA authentication. To use this feature, you identify the MAC addresses on the inside (higher security) interface. The PIX Firewall bypasses the AAA server for traffic that matches using both the MAC address and the IP address that has been dynamically assigned to the MAC address. Authorization services are automatically disabled when you bypass authentication. Accounting records are still generated (if enabled), but the username is not displayed.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#1131354
