11.29.2005 at 03:28PM PST, ID: 21647198
Cisco VPN version 3.6.3(A): Printing to a local TCP/IP network printer
Tags: vpn, cisco, local, printing, printer
Ok..  We are installing new HP Color Laser Printers at 55 of our remote locations, all of which connect via the Cisco Client version 3.6.3.  (Our network/security admin tells me that we cannot upgrade to a newer client version without upgrading our PIX firmware, which they tell me is outside the budget.  I know, we can find the money for Color Lasers, but not for security, lol, eh?)  :)

Anyway, we cannot print locally to the LAN Printers at the locations with the VPN client enabled.  Neither can I ping the printer with it enabled.  Because of the tunnel, this does not surprise me, but there has got to be a way around this.  Perhaps adding a static route to the printer?

Anyone want to tell me how?  Welcome all suggestions!

Thanks,

FE
Question Stats
Zone: Networking
Question Asked By: Fatal_Exception
Solution Provided By: lrmoore
Participating Experts: 1
Solution Grade: A
Views: 78
11.29.2005 at 04:08PM PST, ID: 15384479

Rank: Sage

Is Split-tunneling allowed on the PIX with the clients?
Is 'allow local LAN access' box checked on the client?
I think your PIX admin is smoking something. You can upgrade your client to latest 4.7 if you want to without changing anything on the PIX. What version OS is running on the PIX?
If the clients are XP/SP2 you may not have any choice except to upgrade the clients.
 
11.29.2005 at 04:59PM PST, ID: 15384697
Thanks, I was hoping you were watching, and would give me some advice, lrm...  :)

Is Split-tunneling allowed on the PIX with the clients?<<     Not sure, but I will check tomorrow.
Is 'allow local LAN access' box checked on the client?<<     Yes, I have enabled this checkbox, and no change.
I think your PIX admin is smoking something. You can upgrade your client to latest 4.7 if you want to without changing anything on the PIX. What version OS is running on the PIX?<<     *grin*  I agree!

I do know that once the VPN is established, I cannot ping the local Printer's IP address.  I have tried using IPX, and although it works on the old 98 clients (running the VPN client), I cannot print via IPX at all on the XP clients.

The gentleman that administers this network is a long-time CNE guy, that has resisted any changes to the network from the beginning of time.  You know the type...  Personally, I would like to install a hardware appliance at the remote locations, and create hardware to hardware VPNs, but they tell me it is not in the budget...  I can get a heck of a price on 80 Cisco 501's, but, they still won't spring for it...

I will see if version 4.7 corrects this tomorrow, and get back to you.

Thanks again for stopping in and helping, lrmoore!

FE
 
11.29.2005 at 05:04PM PST, ID: 15384714

Rank: Sage

just stumbling around... hope I can help you out..

If they won't spring for PIX 501's how about Linksys RV042's ?


 
11.29.2005 at 05:05PM PST, ID: 15384720

Rank: Sage

One more question. The Client's home LAN with the local printer - does it just happen to be the same as the lan IP subnet on the other end of the VPN tunnel??? If yes, then you have but one choice - change the local LAN IP subnet to be different..
 
11.29.2005 at 05:29PM PST, ID: 15384822
Good question, Lrm..   No, I purposefully setup the 'home' locations with a Class C scheme, whereas we are running Class B at corporate...  

Linksys RV042?  have not used one of these before..  are they compatible with PIX concentrators?  (I know that you can purchase firmware upgrades for WiFi Linksys models, and that they can be used to connect to the concentrator...)

 
11.29.2005 at 06:01PM PST, ID: 15384940
This was an interesting read..

http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21135245.html

You really stuck with him on this question...  talk about perseverance!

But, the bottom line is that we should be able to print to our local TCP printers (by the way, these use external Jetdirect hardware) using the current hardware, but different client software...  

I might have the 4.7 client somewhere on my network, so I will take a look and see if I can find it, then test from here...
 
11.29.2005 at 06:17PM PST, ID: 15384982
Lrm..  you don't have a link for 4.7, do you?  I thought that I could download it directly from Cisco, but my CCNA does not give me that privilege...  :(
 
11.29.2005 at 07:20PM PST, ID: 15385224

Rank: Sage

I could get you a link on Friday, but I'm away from home this week and no way to post it up..
 
11.30.2005 at 04:48AM PST, ID: 15387498
No problem, lrm..  we can wait till then, while I try to find a way around this...

could you tell me what to look for in the running config, or how to enable 'split tunneling' with a command?  (although they don't give me access to the PIX, I will look for a saved copy on the IT secure server, where I do have access...)
 
11.30.2005 at 06:04AM PST, ID: 15388001

Rank: Sage

If split-tunneling is enabled, there will be a command in the vpngroup like this:
  vpngroup GROUPNAME split-tunnel <Access-list>

It probably doesn't matter one way or other for this particular issue, just trying to get a big picture..
The bigger issue could be the same IP subnets on both ends of the VPN... You didn't answer that question.
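
Added example, not part of the original thread or any participant's post: a small audit of a saved PIX configuration for the `vpngroup GROUPNAME split-tunnel <Access-list>` line described above, combined with the same-subnet check raised earlier in the thread. The sample config, group names, address pool and printer address are constructed, and the script assumes PIX 6.x syntax in which the first network of each split-tunnel ACL entry is the protected corporate network.

```python
import ipaddress

# Constructed sample of a saved PIX 6.x config (not taken from the thread).
# 172.16.0.0/16 (corporate) and 192.168.1.x (remote sites) follow the posts.
SAMPLE_CONFIG = """\
access-list SPLIT_ACL permit ip 172.16.0.0 255.255.0.0 10.99.0.0 255.255.255.0
access-list OTHER_ACL permit ip 192.168.0.0 255.255.0.0 10.98.0.0 255.255.255.0
ip local pool VPNPOOL 10.99.0.1-10.99.0.254
vpngroup REMOTE address-pool VPNPOOL
vpngroup REMOTE split-tunnel SPLIT_ACL
vpngroup LEGACY address-pool VPNPOOL
vpngroup CLASH address-pool VPNPOOL
vpngroup CLASH split-tunnel OTHER_ACL
"""


def source_net(tok):
    """Source network of an ACL entry, given the tokens after 'permit ip'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32")
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False)


def parse_pix_config(text):
    """Return (acls, groups): ACL name -> tunneled networks,
    vpngroup name -> split-tunnel ACL name (None if the line is absent)."""
    acls, groups = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            acls.setdefault(tok[1], []).append(source_net(tok[4:]))
        elif len(tok) >= 3 and tok[0] == "vpngroup":
            groups.setdefault(tok[1], None)
            if tok[2] == "split-tunnel" and len(tok) >= 4:
                groups[tok[1]] = tok[3]
    return acls, groups


def local_lan_verdict(acls, groups, group, client_lan, printer_ip):
    """Classify how a client's local printer traffic is treated for a group."""
    lan = ipaddress.ip_network(client_lan)
    printer = ipaddress.ip_address(printer_ip)
    acl = groups[group]
    if acl is None:
        # No split-tunnel line: all IP traffic is forced down the tunnel.
        return "ALL_TUNNELED"
    for net in acls.get(acl, []):
        # Same or overlapping subnet on both ends of the VPN.
        if printer in net or net.overlaps(lan):
            return "OVERLAP"
    return "LOCAL"  # printer address is outside every tunneled network


if __name__ == "__main__":
    acls, groups = parse_pix_config(SAMPLE_CONFIG)
    for name in groups:
        # 192.168.1.50 is a constructed printer address on the remote LAN.
        print(name, local_lan_verdict(acls, groups, name,
                                      "192.168.1.0/24", "192.168.1.50"))
```

A group reported as `ALL_TUNNELED` matches the symptom in this thread, where the local printer stops answering pings while the client is connected.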


 
11.30.2005 at 08:14AM PST, ID: 15389243
>>The bigger issue could be the same IP subnets on both ends of the VPN... You didn't answer that question.>>

Nope, we are using 172.16.x.x / 16 at Corporate, whereas I am using a Class C 192.168.1.x at our remote locations.

Here is a question for you though...  I noticed that once I enable the VPN, I cannot ping the local IP Address of the Jetdirect Printer.  The print job spools, and when I disconnect from the VPN, then it prints, and I assume this is because it can finally 'see' the TCP printer.

So, when the VPN is enabled, should I be able to ping resources on the local subnet?  
Is there a way I can setup routes to these resources so I can route these packets to the proper location?

I should know the answers to these questions, but for the life of me I cannot get myself around it!

FE
 
11.30.2005 at 02:40PM PST, ID: 15392386

Rank: Sage

No routing will help at all. Local addresses are just that - local and no route needed.
If split-tunneling is not enabled, then ALL ip traffic will be forced down the tunnel - probably including local subnet traffic.
VPN concentrators and the new ASA5500 have more options for controlling the behavior of the VPN client, but the PIX only provides basic connectivity..
 
11.30.2005 at 05:27PM PST, ID: 15393309
Thanks.  I got our account information from our CIO today and downloaded the 4.7 client.  It worked flawlessly, but did not help my situation, as you probably already know...    The CNE admin will eat a little crow tomorrow..

I am going to dig a little deeper tomorrow and see if I can find anything that looks like split tunneling on our concentrator..  (BTW:  I did find out today that we are using a Cisco Concentrator, not the PIX, for our VPN...)

Take care..  it looks like you are going to have a 'white' Xmas coming to your area of the country..  :)

 
11.30.2005 at 07:03PM PST, ID: 15393746

Rank: Sage

I wouldn't count on a white Christmas south of the Mason Dixon line...
I'm in Arizona today, but back in Alabama tomorrow...

Cheers!
 
12.02.2005 at 12:21PM PST, ID: 15407696

Rank: Sage

..
 
12.02.2005 at 03:44PM PST, ID: 15409132
Got em!  Thanks, lrm!

One more question...  is there a setting on a Cisco VPN Concentrator that specifically allows Lan Access?  (the other side of the client 'allow local LAN access')
 
12.02.2005 at 04:06PM PST, ID: 15409230

Rank: Sage

Yes, there is a setting on a VPN Concentrator. It was a checkbox "allow local LAN access" for the client group, or it might have been moved to the split-tunneling policy section in the newer releases.

It's been a while since I've played with one of these...
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/config/usermgt.htm

"To configure the Allow Networks in List to Bypass Tunnel option, choose **VPN Client Local LAN from the Split Tunnel Network List menu**."
Accepted Solution
 
12.02.2005 at 05:47PM PST, ID: 15409505
That is what I was looking for!  Thanks again for all your help!

I am going to leave this open over the weekend, in case I have another question, but I think that was what I was missing...  
 
12.08.2005 at 05:48PM PST, ID: 15449926
Again, thanks...  through your help, and some hard decision making, we finally worked this out...

Till next time..

FE
 
 