s3d
asked on
Difficulty trying to print over vpn with partially overlapping networks
Hi Everyone,
I've been at this problem for a while now and i'm at my wits end so i really hope someone can help me.
Basically, I had to set up a site to site vpn from company A to Company B. This is so a group of employees from CompA can connect to a SAP server in CompB. There is a partial network overlap between both companies and renumbering a network is not an option.
CompA: 192.168.1.X Sonicwall tz170
CompB: 192.168.1.X -192.168.7.X Checkpoint R60
I was able to overcome this by putting the group in (A) behind a NAT address and they can sucessfully connect to the other server in (B) 192.168.3.3.
However, users want to be able to print back from this server to a local network printer on 192.168.1.235.
Is this possible? If not, what other suggestions would you guys recommend me trying.
I've been at this problem for a while now and i'm at my wits end so i really hope someone can help me.
Basically, I had to set up a site to site vpn from company A to Company B. This is so a group of employees from CompA can connect to a SAP server in CompB. There is a partial network overlap between both companies and renumbering a network is not an option.
CompA: 192.168.1.X Sonicwall tz170
CompB: 192.168.1.X -192.168.7.X Checkpoint R60
I was able to overcome this by putting the group in (A) behind a NAT address and they can sucessfully connect to the other server in (B) 192.168.3.3.
However, users want to be able to print back from this server to a local network printer on 192.168.1.235.
Is this possible? If not, what other suggestions would you guys recommend me trying.
With site to site VPNs if each site has the same subnet (in your case the 192.168.1.x) you will not be able to communicate between the 2 networks (or at least the overlaping subnets). Can you access any resources on the 192.168.1.x network at company b from copany a?
eb
eb
ASKER
Hi Guys,
Im not using dhcp for the printers. eb, no i cant access anything thats on 192.168.1.x at company b from company a because as you know, thats company A's local network and it doesnt get routed out. The server at Comp B is 192.168.3.3 but im assuming it cannot communicate to 192.168.1.235 (printer in compA) as that is a local address on CompB. I have to have this to print to our premises however, so any suggestions ie new mini network on different subnet? Thanks
Im not using dhcp for the printers. eb, no i cant access anything thats on 192.168.1.x at company b from company a because as you know, thats company A's local network and it doesnt get routed out. The server at Comp B is 192.168.3.3 but im assuming it cannot communicate to 192.168.1.235 (printer in compA) as that is a local address on CompB. I have to have this to print to our premises however, so any suggestions ie new mini network on different subnet? Thanks
is it possible to give the printer a new ip address in a different subnet, e.g. 192.168.12.x? That way the printer itself would not overlap but local users would be able to print to it?
Adol
Adol
ASKER
I was thinking of adding a new printer whos sole purpose is to print from this vpn. If i give it an address of 192.168.12.x, i assume ill need to change some other things ie subnet masks.
try both. if it does not work then try putting 255.255.255.248 in as a subnet mask.
So you don't waist your money, try testing it with a desktop/laptop. if you can ping the machine then unplug the cable and can't ping it then you know it's working.
So you don't waist your money, try testing it with a desktop/laptop. if you can ping the machine then unplug the cable and can't ping it then you know it's working.
You could also install the printer as a local printer (use standard TCP/IP port type) on the server 192.168.3.3 and share it out. Then the computers at company a could print to the shared printer on 192.168.3.3, should work.
eb
eb
ASKER
changing the subnet didnt work adol. eb wouldnt that mean it will print over in the CompanyB premises or am i taking you up wrong?
Yes it would print in the company b location. Give me a little while and I will show you a diagram of what I mean.
eb
eb
ASKER
i need it to print in company A's location
Refresh my memory. Where are you trying to print from (a or b)? Where is the printer located (a or b)?
eb
eb
ASKER
The clients and printer are located in (A). The clients connect over vpn to a server in (B). I then want this server to print back to the printer located in (A).
So you want the server at B to print to the printer at A.
Is this the 192.168.3.3 server at B? And what is the IP of the printer at A?
Is this the 192.168.3.3 server at B? And what is the IP of the printer at A?
ASKER
yes 192.168.3.3 is server at B. ip of printer at A is 192.168.1.235 but im open to suggestions about a new printer on different subnet if this solves the issue. thnx for your persistence guys
As long as the server and the printer are on different subnets you should be able to print, is routing enabled between the networks?
eb
eb
The 192.168.3.x network at B should have no problem connecting to the 192.168.1.x network at A, you just need to make sure routing is properly configured on the 192.168.3.x network to send traffic destind for 192.168.1.x network through the VPN.
eb
eb
ASKER
Ah but network B also has a 192.168.1.x network, thats where the overlap lies between the networks.
I understand that there is an overlap, but since the printer and the server are not in that overlap it should work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This will of change your routing and make it more complicated, but it should work if the routers/firewalls are all configured correctly.
eb
eb
PS this may also be accomplished with your sonicwall if it has more than 2 ports and can support a 3rd network. I do not know the sonicwall products well so can not tell for sure.
eb
eb
ASKER
Hi eb,
i figured i would have to do something like that with a router. My sonicwalls extra ports are taken up unfortunately. Thank you for your time, expertise and helpful diagram. Im in the process of getting a router for the job.
s3d
i figured i would have to do something like that with a router. My sonicwalls extra ports are taken up unfortunately. Thank you for your time, expertise and helpful diagram. Im in the process of getting a router for the job.
s3d
having re-read the question, if compB can exempt 192.168.1.235 for dhcp, surely those can compA can print to the printer that they want?
Adol