Solved

Remote network using vpn client can't print on their network printers

Posted on 2004-04-30
10
1,655 Views
Last Modified: 2012-06-27
My company is utilizing a cisco 3005 vpn concentrator and Cisco's VPN client V3.6.3 to establish a VPN tunnel between our network and a clients network, Assigning them a local IP on our local network. We then use VNC to remotely control one of their workstations to access their network to perform our work.

When we are setting up the remote client we must check the box "allow local lan access" to allow the computer access to the lan otherwise the networked application that we use on the clients computer cannot access the server.

The problem comes into play where we can not print to networked printers on the clients network. They error out even if we print a test page with status "unable to connect" Once the VPN client is disconnected, their network returns to normal and they regain full functionality.

It is my understanding from reading other topics on this forum that the way the VPN client works is to reassign the default gateway, as a result redirecting all tcp/ip traffic through the tunnel. I understand that there are clients that might fix this problem providing split tunell functionality.

Is there a way to configure my current hardware/vpn client to fix my problem?

Are there other vpn clients that will easily work that will provide this functionality without errors like this?

Thank you!

Sadian
0
Comment
Question by:sadian
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 2

Author Comment

by:sadian
Comment Utility
After posting this question, I think I may have found my own answer please confirm the follow about the limitations of Cisco's VPN client software limitations:

This is an excerpt from page 30 of the VPN client admin guide:

When the VPN Client is connected and configured for local LAN access, you cannot print or browse by name on the local LAN. When the VPN Client is disconnected, you can print or browse by name.

You can browse or print by IP Address. To print, you can change the properties for the network printer to use the IP Address instead of names. For example instead of the syntax \\sharename\printername, use
\\x.x.x.x\printername, where x.x.x.x is an IP address.

To print and browse by name, you can use an LMHOSTS file. To do this, add the IP addresses and local hostnames to a text file named LMHOSTS and place it on all your local PCs in the \Windows directory.

The PC’s TCP/IP stack then uses the IP address to hostname mapping in the LMHOSTS file to resolve the name when printing or browsing. This approach requires that all local hosts have a static IP address; or if you are using DHCP, you must configure local hosts to always get the same IP address.
Example LMHOSTS file:
192.168.1.100 MKPC
192.168.1.101 SBPC
192.168.1.101 LHPC

Hense, I should be able to create a c:\windows\LMHOSTS file that contains for instance:

192.168.0.1 SERVER1

and windows will automatically redirect to the proper computer that has the shared printer?

Thanks!

Sadian
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 500 total points
Comment Utility
That should work just make sure your lan and the remote lan are on different ip addressing schemes. If you both use the 192.168.0.xxx subnet then you will run into trouble
0
 
LVL 2

Author Comment

by:sadian
Comment Utility
certainly, our internal subnet is very off the wall :-)

I guess the real problem Im facing in light of this is considering DHCP configuration. most of my clients run small (10-20 station) networks with DHCP. Considering that most all of my clients run DHCP and also considering that to access the printers, I need to know the IP of the server/workstation it is attached to, what is the simplest way to get around this without reconfiguring the whole network for static ips?

Thank you!

Sadian
0
 
LVL 11

Expert Comment

by:ewtaylor
Comment Utility
Hmm best way would be for one of the printers to be directly connected to the network via a hp printer server or some other print server (linksys etc.)
0
 

Expert Comment

by:JamesIEvans
Comment Utility
I have a similar setup. At work we have a VPN 3000 and I can connect just fine. I would like to print to my printer at home, which is connected to a linksys router as is the home computer.

I think I have split tunneling setup correctly with a network list. Should both the corporate lan (10.206.XX.XXX) and the home network (192.168.1.XXX) be on the list, or just the home network?

I have an lmhosts file with an entry of 192.168.1.XXX and the name of the printer. Should it be the device name or the port name?

If you can think of anything else to check and verify or a good how to page to look at, it would be appreciated.

Thank you.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 11

Expert Comment

by:ewtaylor
Comment Utility
Can you ping the printer ip address? It is okay to list the whole ip address since you are using a private network (non routable, non public). If you can ping the local printer when the vpn client is connected you have the split tunneling configured and working properly. Install the printer as a local device choosing the correct printer driver. After this is done setup a network port to the correct ip address (local 192.168.xxx.xxx) and you should be fine.
0
 

Expert Comment

by:JamesIEvans
Comment Utility
Thank you. This seems to work, and the lmhosts file doesn't seem to be needed. I was able to ping by ip address as you described and can print while connected to the vpn. The only issue seems I have to wait until the first document is done printing until I send the second one, otherwise it gets "lost". This also happens when i am doing normal local lan printing while not connected to the vpn.

While not connected to the vpn, and using the netgear print server setup, which is how i was printing, I don't have this issue and can print several documents. Some more tinkering is needed, but I have passed one hurdle.

Thanks again.
0
 
LVL 11

Expert Comment

by:ewtaylor
Comment Utility
Glad to be of help, the only time you would need the lmhosts file is if you had a pc acting as a print server. Then you would need the lmhosts file to print to the document. I am not sure about why you would have to wait for the first document to stop before you print the second you might want to check your services and make sure the spooler is running.
0
 

Expert Comment

by:straderc
Comment Utility
I'm about 8 months late, but hopefully someone can still answer on this thread...

I have a local PC that connects to the office network over VPN.  Different subnets for each side.  Then I have a second local PC acting as a print server.

1.  Enable split-tunneling on the VPN connection
2.  Add local printer as usual, mapping to the print server name.
3.  lmhosts file that maps the IP address to the print server name
4.  Print normally while connected to VPN

sound right?
0
 
LVL 11

Expert Comment

by:ewtaylor
Comment Utility
Sounds good, you might want to add an entry for the DC in the lmhosts file also.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now