  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 408

BEFW11S4 static route?

I have a networked printer (192.168.1.101) that works great UNTIL I connect to the office via VPN. When I connect VPN, my "local IP address" becomes a 172.21.x.x address. A friend mentioned I could create a static route from the 172.21 segment to the 192.168 segment and tell all my printer traffic where to go when I'm connected to the VPN. Any suggestions?
0
nriddock
Asked:
4 Solutions
 
pazmanproCommented:
Okay, I'm a bit lost. Is the BEFW11S4 your Internet gateway and you form a VPN to it? I didn't know that the BEFW11S4 had that capability! But I think all you really need to do is add the default gateway to the printer (as far as I know all networked printers can do that). Your default gateway should already know how to get to the 172.21.x.x network.
0
 
nriddockAuthor Commented:
No...let me explain

my pc >         connected to Linksys router > connected to Internet > connects to Office VPN
192.168.x.x  > 192.168.1.1 > comcast > vpn.work .com (local ip 172.21.x.x)


So I am going out through my Linksys to the Internet, using the Internet to connect to my work VPN.

As far as adding the default gateway to the printer... it's two separate networks: home 192.168 / work 172.21.

0
 
pazmanproCommented:
Okay, I get it! Your network printer is at your home! The issue is when you connect to your VPN you can no longer access your printer? That really has nothing to do with routing.

When you connect your VPN, the IP address on your network card stays at 192.168.x.x (otherwise you won't be on your network), and you are given a "virtual" IP address 172.21.x.x.

What will need to be done is called split-tunneling and this needs to be done at the VPN server side (Cisco PIX or checkpoint VPN or other). This way only traffic destined for your work network goes over the tunnel and the other traffic is routed as normal.
0
 
pazmanproCommented:
What is really happening is that all traffic is sent over the encrypted tunnel, effectively "locking" you out of your home network.
0
 
lrmooreCommented:
Depending on the VPN client, the remote site can effectively block you from having local lan access while connected to the VPN. It's a security "feature".
0
 
pseudocyberCommented:
As has been said, you would need to have split tunneling enabled.  There is a theoretical risk which many professional IT organizations are unwilling to accept if they enable this for you.

I'm running a Nortel Contivity VPN - they have a new feature called "Inverse Split Tunneling" which allows explicitly allowed subnets OR locally connected subnets to be split, and disables all others.  You might mention this to your VPN admins - asking them if they have this or would allow it.

Your only other option, if you want to print while having the vpn tunnel up, is to locally attach your printer with a cable from your computer to the printer.
0
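An added example, not part of any post in this thread: a simplified route-table model of the three tunnel policies discussed above (full tunnel, split tunneling, and "inverse" split tunneling), showing where traffic to the printer from the question ends up under each. The work-host and Internet addresses, the mode names and the table model itself are assumptions; real VPN clients enforce the policy with routes and/or packet filters.

```python
import ipaddress

# Constructed addressing based on the thread; the table model is an assumption.
ANY = ipaddress.ip_network("0.0.0.0/0")
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")   # Linksys LAN
WORK_NET = ipaddress.ip_network("172.21.0.0/16")    # office side of the VPN

SAMPLES = {
    "printer": "192.168.1.101",    # from the question
    "work-host": "172.21.5.20",    # constructed
    "internet": "203.0.113.10",    # constructed (documentation range)
}

def build_routes(mode):
    """Effective route table once the VPN server's policy is applied."""
    if mode == "full":            # split tunneling denied: local route suppressed
        return [(ANY, "tunnel")]
    if mode == "split":           # only the work network is tunneled
        return [(ANY, "home-gateway"), (HOME_LAN, "lan"), (WORK_NET, "tunnel")]
    if mode == "inverse-split":   # everything tunneled except local subnets
        return [(ANY, "tunnel"), (HOME_LAN, "lan")]
    raise ValueError(f"unknown mode: {mode}")

def egress(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, via) for net, via in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else "unreachable"

def summarize(mode):
    """Map each sample destination to the path it takes under this policy."""
    routes = build_routes(mode)
    return {name: egress(ip, routes) for name, ip in SAMPLES.items()}

def untunneled(mode):
    """Destinations reached without passing through the office's controls."""
    return sorted(n for n, via in summarize(mode).items() if via != "tunnel")

if __name__ == "__main__":
    for mode in ("full", "split", "inverse-split"):
        print(f"{mode:14} {summarize(mode)} untunneled={untunneled(mode)}")
```

The `untunneled` list is what a VPN administrator weighs when deciding on a policy: under `split` both the printer and general Internet traffic leave outside the tunnel, while `inverse-split` exempts only the local subnet.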
 
nriddockAuthor Commented:
Would adding a 2nd NIC to the box work?

i.e.: NIC #1 connects to VPN
NIC #2 doesn't and stays "local"

Thus when I submit a print job it sees my "non VPN'd" NIC and sends the local LAN traffic over that one?
0
 
pseudocyberCommented:
No, I don't think that will work.
0
 
IvieCommented:
I agree with pseudocyber: you need split tunneling. If your company doesn't allow you to do this, you may be able to select the option under printing features that allows you to print to file. Afterward, when you drop the tunnel, you can go to the file and send it to the printer.

As a firewall/VPN admin with a mid-sized company, I do not allow split tunneling. I am able to deny split tunneling at the VPN server, overriding any configuration on the end user's client.
0
 
pazmanproCommented:
The second NIC may work, heck it doesn't hurt to try. You may have to disable the VPN driver on the second NIC in the Network Properties and don't enable the default gateway on that one as well.
0
 
pazmanproCommented:
But why don't you really just connect to it physically with a printer cable? It surely must be simpler to do!
0
 
nriddockAuthor Commented:
My reason for wanting to try to get this to work is that I am wireless from my laptop to the router... my office is on one side and the printer is across the room, so a 30 ft USB cable doesn't really fit in the mix.
0
 
pseudocyberCommented:
The whole disabled split tunneling thing is pretty foolproof - as far as I know.  You probably can't bypass it.  Your only options are:

1.)  Save the file locally, disconnect vpn, then print normally.
2.)  Change your location to a branch office so there is VPN hardware at your "gateway" - but this will force everyone through the vpn - kids, wife, etc.
3.)  Locally connect a printer to your machine with the vpn client.
0
 
pseudocyberCommented:
Oops, forgot option 4.

4.) Get the VPN admins to allow split tunneling for you.
0
