03-31-2004 11:24 AM - edited 03-02-2019 02:41 PM
I have a PIX 501 Version 6.3(3) and I have successfully added access for one JetDirect, but when I added a second JetDirect printer on the LAN I am able to print only to one. I have deleted and added in the ACL for both JetDirects but only the printer showing on top (it's JetDirect2 right now) can print.
Any ideas? Here's the portion of the config:
name 10.10.3.11 JetDirect
name 10.10.3.12 JetDirect2
access-list inside_outbound_nat0_acl permit ip 192.168.3.0 255.255.255.0 VPNHEADEND 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.3.0 255.255.255.0 VPNHEADEND 255.255.255.0
access-list outside_access_in permit ip VPNHEADEND 255.255.255.0 any
access-list outside_access_in permit tcp host MailServer any
access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#2]
access-list outside_access_in permit ip HomeOffc 255.255.255.0 host [outside IP#1]
access-list outside_access_in permit ip host [PIX outside IP] any
ip address outside (PIX outside gateway IP) 255.255.255.xx
ip address inside 10.10.3.203 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) [outside IP#2] JetDirect2 netmask 255.255.255.255 0 0
static (inside,outside) [outside IP#1] JetDirect netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 [PIX outside IP] 1
I am using the PDM side to change the config, so there may be a problem with this as well?
Thanks for the help!
crgm
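A way to cross-check each static translation in a config like the one posted against the ACL bound inbound on the outside interface, as an added example that is not part of the original post. The function names and the sample are assumptions: the sample is constructed from the posted excerpt with the bracketed placeholders replaced by documentation addresses, since placeholders cannot be parsed.

```python
import ipaddress

# Constructed sample modeled on the posted excerpt; documentation addresses stand in
# for the placeholders, and the third static is invented to show an "any"-only match.
SAMPLE = """\
name 10.10.3.11 JetDirect
name 10.10.3.12 JetDirect2
access-list outside_access_in permit ip 198.51.100.0 255.255.255.0 host 203.0.113.12
access-list outside_access_in permit ip 198.51.100.0 255.255.255.0 host 203.0.113.11
access-list outside_access_in permit ip host 203.0.113.1 any
static (inside,outside) 203.0.113.12 JetDirect2 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.11 JetDirect netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.13 10.10.3.13 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""
PORT_OPS = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}  # tokens to skip

def _addr(tok, i, names):
    """Parse 'any' | 'host A' | 'A MASK' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    a, m = (tok[i + 1], "255.255.255.255") if tok[i] == "host" else (tok[i], tok[i + 1])
    return ipaddress.ip_network(f"{names.get(a, a)}/{m}", strict=False), i + 2

def audit_statics(config, iface="outside"):
    """Map each static's local host to the ACL entries (in order) covering its global IP."""
    names, acls, statics, bound = {}, {}, [], None
    for t in filter(None, (line.split() for line in config.splitlines())):
        if t[0] == "name" and len(t) >= 3:
            names[t[2]] = t[1]
        elif (t[0] == "access-list" and len(t) > 5 and t[2] in ("permit", "deny")
              and "object-group" not in t):  # object-group entries are skipped
            acls.setdefault(t[1], []).append(t[2:])
        elif t[0] == "static" and len(t) >= 4 and t[1].endswith(f",{iface})"):
            statics.append((t[2], t[3]))
        elif t[0] == "access-group" and len(t) == 5 and t[2] == "in" and t[4] == iface:
            bound = t[1]
    report = {}
    for glob, local in statics:
        g = ipaddress.ip_address(names.get(glob, glob))
        hits = []
        for e in acls.get(bound, []):
            src, i = _addr(e, 2, names)
            i += PORT_OPS.get(e[i], 0)  # skip an optional source-port operator
            dst, _ = _addr(e, i, names)
            if g in dst:  # the outside ACL is matched against the global address
                hits.append((e[0], e[1], str(src), "any" if dst.prefixlen == 0 else "specific"))
        report[local] = hits
    return report
```

`audit_statics(SAMPLE)` returns, per inside host, the ordered entries that cover its global address; an empty list means nothing on the bound ACL reaches that static, and a `permit ip` hit means every protocol is exposed to that source, not only printing.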
04-06-2004 12:33 PM
PIX Firewall Versions 6.3 and higher let you use Media Access Control (MAC) addresses to bypass authentication for devices, such as Cisco IP Phones, that do not support AAA authentication. To use this feature, you identify the MAC addresses on the inside (higher security) interface. The PIX Firewall bypasses the AAA server for traffic that matches using both the MAC address and the IP address that has been dynamically assigned to the MAC address. Authorization services are automatically disabled when you bypass authentication. Accounting records are still generated (if enabled), but the username is not displayed.