Debugging a mainframe printer install on PIX 506

Discussion in 'Cisco' started by Bruce Meyer, Apr 25, 2007.

  1. Bruce Meyer

    Bruce Meyer Guest

    Trying to get a Unisys Mainframe to be able to install a printer.
    The printer installs fine from the Windows 2003 side, and prints.
    But I haven't a clue why it can't isntall on the MCP side.

    I figured I could turn on some debugging on the Cisco 506 and see what
    was going on. i can't for the life of me figure out what debug
    commands to enter to watch what I assume is 'ip' traffic.
    They Unisys techs are certain the print to port 9100 (lpr?)

    My sh access-list shows:
    access-list acl_out permit ip host MAINFR-PR1 any (hitcnt=0)
    access-list acl_out permit ip host MAINFR-PR2 any (hitcnt=0)
    access-list acl_out permit ip host AETHUSA host LUNA (hitcnt=0)
    access-list acl_out permit ip host AETHRA host LUNA (hitcnt=42)


    my configs relevant lines are:

    static (inside,outside) MAINFR-PR1 MAINFR-PR1 netmask 255.255.255.255
    0 0
    static (inside,outside) MAINFR-PR2 MAINFR-PR2 netmask 255.255.255.255
    0 0
    access-list acl_out permit ip host MAINFR-PR1 any
    access-list acl_out permit ip host MAINFR-PR2 any
    access-list acl_out permit ip host AETHUSA host LUNA
    access-list acl_out permit ip host AETHRA host LUNA

    AETHRA is the windows side of the mainframe.
    AETHUSA is the MCP side.
    LUNA is the windows print server behind the firewall.
    MAINFR-PR1 and 2 are the HP printers that print fine from the window
    print server, but aren't being hit via the MCP printing directly to
    their IP addresses.

    I would appreciate any idea's.
    What would be very useful, is a functioning debug command. The syntax
    on the '?' is somewhat maddening to me. icmp is easy, but ip, just
    isn't being accepted.

    Bruce D. Meyer
     
    Bruce Meyer, Apr 25, 2007
    #1
    1. Advertisements

  2. Bruce Meyer

    mcaissie Guest





    Instead of doing a debug you can activate
    a capture to see what traffic is going through the PIX.

    I didn't completely understand what devices are on the inside
    and outside of your firewall , but if you want to capture all
    traffic between a device outside DEVOUT and a device inside DEVIN,
    you can do the following.;

    For traffic incoming or leaving the outside interface

    -Create an access-list
    access-list caplo permit ip host DEVOUT host DEVIN
    access-list caplo permit ip host DEVIN host DEVOUT

    -Activate a packet capture
    capture capout access-list caplo interface outside

    -check the result
    sh capture capout
    ( clear capture capout to reset the buffer , and no capture capout when
    your done)

    Fot traffic incoming or leaving the inside interface

    -Create an access-list
    access-list capli permit ip host DEVOUT host DEVIN
    access-list capli permit ip host DEVIN host DEVOUT

    -Activate a packet capture
    capture capin access-list capli interface inside

    -check the result
    sh capture capin
    ( clear capture capin to reset the buffer , and no capture capin when
    your done)


    You can run both simultaneously (preferably with different acl, even if they
    are identical),
    and play with your acl to pinpoint the traffic you want to monitor.
     
    mcaissie, Apr 26, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.