Solved

Remote network using vpn client can't print on their network printers

Posted on 2004-04-30
10
1,664 Views
Last Modified: 2012-06-27
My company is utilizing a cisco 3005 vpn concentrator and Cisco's VPN client V3.6.3 to establish a VPN tunnel between our network and a clients network, Assigning them a local IP on our local network. We then use VNC to remotely control one of their workstations to access their network to perform our work.

When we are setting up the remote client we must check the box "allow local lan access" to allow the computer access to the lan otherwise the networked application that we use on the clients computer cannot access the server.

The problem comes into play where we can not print to networked printers on the clients network. They error out even if we print a test page with status "unable to connect" Once the VPN client is disconnected, their network returns to normal and they regain full functionality.

It is my understanding from reading other topics on this forum that the way the VPN client works is to reassign the default gateway, as a result redirecting all tcp/ip traffic through the tunnel. I understand that there are clients that might fix this problem providing split tunell functionality.

Is there a way to configure my current hardware/vpn client to fix my problem?

Are there other vpn clients that will easily work that will provide this functionality without errors like this?

Thank you!

Sadian
0
Comment
Question by:sadian
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 2

Author Comment

by:sadian
ID: 10963208
After posting this question, I think I may have found my own answer please confirm the follow about the limitations of Cisco's VPN client software limitations:

This is an excerpt from page 30 of the VPN client admin guide:

When the VPN Client is connected and configured for local LAN access, you cannot print or browse by name on the local LAN. When the VPN Client is disconnected, you can print or browse by name.

You can browse or print by IP Address. To print, you can change the properties for the network printer to use the IP Address instead of names. For example instead of the syntax \\sharename\printername, use
\\x.x.x.x\printername, where x.x.x.x is an IP address.

To print and browse by name, you can use an LMHOSTS file. To do this, add the IP addresses and local hostnames to a text file named LMHOSTS and place it on all your local PCs in the \Windows directory.

The PC’s TCP/IP stack then uses the IP address to hostname mapping in the LMHOSTS file to resolve the name when printing or browsing. This approach requires that all local hosts have a static IP address; or if you are using DHCP, you must configure local hosts to always get the same IP address.
Example LMHOSTS file:
192.168.1.100 MKPC
192.168.1.101 SBPC
192.168.1.101 LHPC

Hense, I should be able to create a c:\windows\LMHOSTS file that contains for instance:

192.168.0.1 SERVER1

and windows will automatically redirect to the proper computer that has the shared printer?

Thanks!

Sadian
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 500 total points
ID: 10963534
That should work just make sure your lan and the remote lan are on different ip addressing schemes. If you both use the 192.168.0.xxx subnet then you will run into trouble
0
 
LVL 2

Author Comment

by:sadian
ID: 10964341
certainly, our internal subnet is very off the wall :-)

I guess the real problem Im facing in light of this is considering DHCP configuration. most of my clients run small (10-20 station) networks with DHCP. Considering that most all of my clients run DHCP and also considering that to access the printers, I need to know the IP of the server/workstation it is attached to, what is the simplest way to get around this without reconfiguring the whole network for static ips?

Thank you!

Sadian
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10977630
Hmm best way would be for one of the printers to be directly connected to the network via a hp printer server or some other print server (linksys etc.)
0
 

Expert Comment

by:JamesIEvans
ID: 11092038
I have a similar setup. At work we have a VPN 3000 and I can connect just fine. I would like to print to my printer at home, which is connected to a linksys router as is the home computer.

I think I have split tunneling setup correctly with a network list. Should both the corporate lan (10.206.XX.XXX) and the home network (192.168.1.XXX) be on the list, or just the home network?

I have an lmhosts file with an entry of 192.168.1.XXX and the name of the printer. Should it be the device name or the port name?

If you can think of anything else to check and verify or a good how to page to look at, it would be appreciated.

Thank you.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 11099061
Can you ping the printer ip address? It is okay to list the whole ip address since you are using a private network (non routable, non public). If you can ping the local printer when the vpn client is connected you have the split tunneling configured and working properly. Install the printer as a local device choosing the correct printer driver. After this is done setup a network port to the correct ip address (local 192.168.xxx.xxx) and you should be fine.
0
 

Expert Comment

by:JamesIEvans
ID: 11100651
Thank you. This seems to work, and the lmhosts file doesn't seem to be needed. I was able to ping by ip address as you described and can print while connected to the vpn. The only issue seems I have to wait until the first document is done printing until I send the second one, otherwise it gets "lost". This also happens when i am doing normal local lan printing while not connected to the vpn.

While not connected to the vpn, and using the netgear print server setup, which is how i was printing, I don't have this issue and can print several documents. Some more tinkering is needed, but I have passed one hurdle.

Thanks again.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 11100691
Glad to be of help, the only time you would need the lmhosts file is if you had a pc acting as a print server. Then you would need the lmhosts file to print to the document. I am not sure about why you would have to wait for the first document to stop before you print the second you might want to check your services and make sure the spooler is running.
0
 

Expert Comment

by:straderc
ID: 13248813
I'm about 8 months late, but hopefully someone can still answer on this thread...

I have a local PC that connects to the office network over VPN.  Different subnets for each side.  Then I have a second local PC acting as a print server.

1.  Enable split-tunneling on the VPN connection
2.  Add local printer as usual, mapping to the print server name.
3.  lmhosts file that maps the IP address to the print server name
4.  Print normally while connected to VPN

sound right?
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 13249470
Sounds good, you might want to add an entry for the DC in the lmhosts file also.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA AnyConnect tunneling 3 42
Pulse secure VPN: after sudden disconnect from RDS, unable to logon again 5 124
slow vpn connection 9 77
VPN Connection WIndows 10 5 60
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question