thent
asked on
Cannot Print to Home Network Printer while connected to Work VPN
I have a home network printer, but I can't print to it when I'm connected to my office VPN. When I look in the print job under status it says "Access Denied." I dont have this problem on my XP machine, and it is configured the same way.
I uncheck "Use default gateway on remote network"
I have heard that I can configure a VPN to allow client access to lan, but that would be poking a big hole in the vpn leaving my work network exposed.
I have tried maping my home network printer via IP or modifying my LMHOSTS, but I still get the same error in the status of the print job.
I would expect that the answer to this may be "by design." If anyone has a work around, I would like to know.
I uncheck "Use default gateway on remote network"
I have heard that I can configure a VPN to allow client access to lan, but that would be poking a big hole in the vpn leaving my work network exposed.
I have tried maping my home network printer via IP or modifying my LMHOSTS, but I still get the same error in the status of the print job.
I would expect that the answer to this may be "by design." If anyone has a work around, I would like to know.
If this works fine when not on the VPN, and fails when on the VPN, then it sounds to me like the firewall admin had cut off local access. Usually a firewall will allow for a split tunnel style setup where only the traffic destined for the office is captured by the VPN... however its up to the admin to set this up for the end-users.
ASKER
I'm trying to avoid that configuration as it would expose the work network.
It seems like there should be a way to resolve this on the client side because it works fine in XP. Any thoughts or have you been down this road before?
It seems like there should be a way to resolve this on the client side because it works fine in XP. Any thoughts or have you been down this road before?
ASKER
This Works:
cmdkey /delete /ras
I don't think this would be an appropriate solution for most VPN users. I need something that doesn't require users to do anything besides connect to the vpn. They shouldn't have to run a script after they connect.
cmdkey /delete /ras
I don't think this would be an appropriate solution for most VPN users. I need something that doesn't require users to do anything besides connect to the vpn. They shouldn't have to run a script after they connect.
The admin of the VPN definitely has split-tunneling disabled. What you describe is the nature of a secure VPN client running on a PC. Regardless if you uncheck "use default gateway on remote network," that setting is ultimately controlled on the corporate side of the VPN host, and you can't override it. The only way that you could possibly use that printer via IP without having split tunneling turned on is for the VPN admin to define your specific home network in the configuration that he provides for you to connect to the VPN. And since this configuration would be unique to you, in most situations, you would be denied the request. Talk to your IT department and see what solution they offer you.
ASKER
The why can I print from my XP computer when connected to the VPN, but can't print on my Win 7 computer when connected to the same VPN?
ASKER
I guess the only two work arounds for this problem is to use a Split Tunnel VPN or to run the "cmdkey /delete /ras" command. Neither of these pose as a logical solution for general client access for the following reasons:
1: Split Tunnel VPN: Who is to say that the connecting party will not have the same sub net as the work network. Additionally, any computer located on the client lan would have access to the work network, leaving the network exposed.
2. Running the command "cmdkey /delete /ras" fixes the problem. This would be ok for me to use, but I can't expect all remoe users to do this every time they wan to print while connected to a VPN.
Thanks for your suggestions guys.
1: Split Tunnel VPN: Who is to say that the connecting party will not have the same sub net as the work network. Additionally, any computer located on the client lan would have access to the work network, leaving the network exposed.
2. Running the command "cmdkey /delete /ras" fixes the problem. This would be ok for me to use, but I can't expect all remoe users to do this every time they wan to print while connected to a VPN.
Thanks for your suggestions guys.
I honestly don't know the answer regarding why XP works but Win7 doesn't. When I read your earlier post, I didn't understand that you were saying that XP could print when connected to the VPN. If that is the case, then it doesn't sound like split tunneling was disabled.
Also, you never mentioned what kind VPN connection this was. Is it using a Cisco client? Microsoft? IPSec or SSLVPN?
Also, you never mentioned what kind VPN connection this was. Is it using a Cisco client? Microsoft? IPSec or SSLVPN?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.