BEFW11S4 static route?

Posted on 2005-03-01
Last Modified: 2008-01-09
I have a networked printer (192.168.1.101) that works great UNTIL I connect to the office via VPN. When I connect VPN, my "local ip address" becomes a 172.21.x.x address. A friend mentioned I could create a static route from the 172.21 segment to the 192.168 segment and tell all my printer traffic where to go when I'm connected to the VPN. Any suggestions?
0
Question by:nriddock
14 Comments
 
LVL 5

Expert Comment

by:pazmanpro
ID: 13435678
Okay, I'm a bit lost. Is the BEFW11S4 your Internet gateway and you form a VPN to it? I didn't know that the BEFW11S4 had that capability! But I think all you really need to do is add the default gateway to the printer (as far as I know all networked printers can do that). Your default gateway should already know how to get to the 172.21.x.x network.
0
 

Author Comment

by:nriddock
ID: 13435699
No...let me explain

my pc >         connected to Linksys router > connected to Internet > connects to Office VPN
192.168.x.x  > 192.168.1.1 > comcast > vpn.work .com (local ip 172.21.x.x)


So I am going out through my Linksys to the Internet, using the Internet to connect to my work VPN.

As far as adding the default gateway to the printer... it's two separate networks... home 192.168 / work 172.21

0
 
LVL 5

Accepted Solution

by:
pazmanpro earned 500 total points
ID: 13435760
Okay, I get it! Your network printer is at your home! The issue is when you connect to your VPN you can no longer access your printer? That really has nothing to do with routing.

When you connect your VPN, the IP address on your network card stays at 192.168.x.x (otherwise you won't be on your network), and you are given a "virtual" IP address 172.21.x.x.

What will need to be done is called split-tunneling and this needs to be done at the VPN server side (Cisco PIX or Checkpoint VPN or other). This way only traffic destined for your work network goes over the tunnel and the other traffic is routed as normal.
0
 
LVL 5

Expert Comment

by:pazmanpro
ID: 13435766
What is really happening is that all traffic is sent over the encrypted tunnel, effectively "locking" you out of your home network.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 500 total points
ID: 13437795
Depending on the VPN client, the remote site can effectively block you from having local LAN access while connected to the VPN. It's a security "feature".
0
 
LVL 27

Assisted Solution

by:pseudocyber
pseudocyber earned 500 total points
ID: 13439048
As has been said, you would need to have split tunneling enabled.  There is a theoretical risk which many professional IT organizations are unwilling to accept if they enable this for you.

I'm running a Nortel Contivity VPN - they have a new feature called "Inverse Split Tunneling" which allows explicitly allowed subnets OR locally connected subnets to be split, and disables all others.  You might mention this to your VPN admins - asking them if they have this or would allow it.

Your only other option, if you want to print while having the vpn tunnel up, is to locally attach your printer with a cable from your computer to the printer.
0
 

Author Comment

by:nriddock
ID: 13443051
Would adding a 2nd NIC to the box work?

i.e.: NIC #1 connects to VPN
NIC #2 doesn't and stays "local"

Thus when I submit a print job it sees my "non VPN'd" NIC and sends the local LAN traffic over that one?
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13443156
No, I don't think that will work.
0
 
LVL 3

Assisted Solution

by:Ivie
Ivie earned 500 total points
ID: 13443915
I agree with pseudocyber: you need split tunneling. If your company doesn't allow you to do this, you may be able to select the option under printing features that allows you to print to file. Afterward, when you drop the tunnel, you can go to the file and send it to the printer.

As a firewall/VPN admin with a mid-sized company, I do not allow split tunneling. I am able to deny split tunneling at the VPN server, overriding any configuration on the end user's client.
0
 
LVL 5

Expert Comment

by:pazmanpro
ID: 13445117
The second NIC may work, heck it doesn't hurt to try. You may have to disable the VPN driver on the second NIC in the Network Properties and don't enable the default gateway on that one as well.
0
 
LVL 5

Expert Comment

by:pazmanpro
ID: 13445127
But why don't you really just connect to it physically with a printer cable? It surely must be simpler to do!
0
 

Author Comment

by:nriddock
ID: 13448936
My reason for wanting to try to get this to work is that I am wireless from my laptop to the router... my office is on one side and the printer is across the room, so a 30ft USB cable doesn't really fit in the mix.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13449014
The whole disabled split tunneling thing is pretty foolproof - as far as I know.  You probably can't bypass it.  Your only options are:

1.)  Save the file locally, disconnect VPN, then print normally.
2.)  Change your location to a branch office so there is VPN hardware at your "gateway" - but this will force everyone through the VPN - kids, wife, etc.
3.)  Locally connect a printer to your machine with the VPN client.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13449021
Oops, forgot option 4.

4.) Get the VPN admins to allow split tunneling for you.
0
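
The three tunneling policies discussed in this thread (full tunnel, split tunneling, and "inverse split tunneling" as described above), as an added example that is not part of any post and not the behaviour of any particular VPN client: a small Python model that decides, per destination, whether traffic enters the tunnel or stays on the local network. The prefix lengths, sample hosts and function names are assumptions; the thread gives only 172.21.x.x and 192.168.x.x.

```python
import ipaddress

# Assumed prefix lengths: the posts only say 172.21.x.x and 192.168.x.x.
WORK_NET = ipaddress.ip_network("172.21.0.0/16")
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
PRINTER = "192.168.1.101"  # printer address from the question

# Constructed sample destinations: the printer, a work host, an Internet host.
SAMPLE = [PRINTER, "172.21.4.10", "203.0.113.7"]


def egress(dst, policy, tunnel_nets=(), bypass_nets=(), local_nets=()):
    """Return "tunnel" or "local" for one destination under a client policy.

    full          - every packet goes into the tunnel
    split         - only tunnel_nets go into the tunnel, the rest is routed normally
    inverse-split - bypass_nets and locally connected subnets stay local,
                    everything else goes into the tunnel
    """
    addr = ipaddress.ip_address(dst)
    if policy == "full":
        return "tunnel"
    if policy == "split":
        return "tunnel" if any(addr in n for n in tunnel_nets) else "local"
    if policy == "inverse-split":
        allowed = list(bypass_nets) + list(local_nets)
        return "local" if any(addr in n for n in allowed) else "tunnel"
    raise ValueError(f"unknown policy: {policy!r}")


def exposure(policy, destinations, **kw):
    """Destinations the host can reach outside the tunnel under this policy."""
    return [d for d in destinations if egress(d, policy, **kw) == "local"]


if __name__ == "__main__":
    for policy, kw in [
        ("full", {}),
        ("split", {"tunnel_nets": [WORK_NET]}),
        ("inverse-split", {"local_nets": [HOME_LAN]}),
    ]:
        print(policy, "-> outside tunnel:", exposure(policy, SAMPLE, **kw))
```

The `exposure` list is what a VPN admin weighs when deciding on a policy: under the split policy the Internet host is reachable outside the tunnel alongside the printer, while the inverse-split policy leaves only the home LAN outside it.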
