[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2273
  • Last Modified:

Unable to communicate with local wireless printer, when connected to Checkpoint Endpoint Connect

I have a user who is unable to print from his local wireless printer, when connected to the office network via Checkpoint Endpoint Connect. There is no problem printing when VPN is disconnected

The user's home office has a network range of 10.0.0.0.
the printer has an IP of 10.0.0.50 , manually configured.

Ping says Request timed out when VPN is connected, otherwise its success.

Please suggest a resolution
0
Ramanand_R_Uni
Asked:
Ramanand_R_Uni
  • 4
  • 3
1 Solution
 
kdearingCommented:
The vpn needs to be set up as a split tunnel.
http://en.wikipedia.org/wiki/Split_tunneling

I'm not sure of the exact procedures, but it should be in your documentation.
0
 
grimkinCommented:
Hi,

Your administrator has set up the remote access VPN in "hub mode" - this routes all remote access communication through a central gateway, ensuring traffic is inspected and audited before being forwarded to the Internet, a remote site or another VPN client.

You will need to ask them to allow you to connect without hub mode being enforced which may not happen depending on your company's IT Policy.

HTH
0
 
Ramanand_R_UniAuthor Commented:
The information they gave is that the user's home network IP range is conflicting with the IP range on the  office IP's on the other side of VLAN. So the computer  is confused that the packets should be sent to the local printer or to the one across the VLAN.

Is there a work around to resolve this than reconfiguring th home network to class C range
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
grimkinCommented:
HI,

In short, not really if as you say the remote network has the same IP range as that in the user's home. When Endpoint connects, it inserts routes into the routing table to make sure that everything destined for the remote IP range is transported via the virtual vpn network adapter.

If e.g. the printer is on home network 192.168.1.100 and the local computer is on 192.168.1.50 then it is possible you could set a host route in windows:

route add 192.168.1.100 mask 255.255.255.255 192.168.1.50

This may or may not work and is really not recommended - the easiest, most stable and by far the cleanest way to do this is to reconfigure the end user's local range to a different network address.

HTH
0
 
Ramanand_R_UniAuthor Commented:
Hi GrimKin .. could you please explain why are you using a mask of 255.255.255.255 here..i dint quite catch the logic..

ususally we add

route add [destination IP] mask [source mask] [gateway]   .. right...
0
 
grimkinCommented:
Hi,

the 255.255.255.255 mask (/32) specifies a single host - you don't want the whole network (/24) being routed as then no traffic would traverse thevpn.

But again, this approach is dirty at best and may create more problems than it solves.

HTH
0
 
Ramanand_R_UniAuthor Commented:
hi..
i tried this it did not resolve


C:\Users\30319>ping 10.0.0.50

Pinging 10.0.0.50 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.0.0.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\30319>tracert 10.0.0.50

Tracing route to 10.0.0.50 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2   105 ms   105 ms   110 ms  10.46.0.2
  3   108 ms   122 ms   103 ms  10.46.0.2
  4     *        *        *     Request timed out.
  5   107 ms   105 ms   105 ms  10.46.0.2
  6     *        *        *     Request timed out.
  7   508 ms   204 ms   204 ms  10.46.0.2
  8     *        *        *     Request timed out.
  9   119 ms   116 ms   129 ms  

these are the ping statistics while on VPN
0
 
grimkinCommented:
Hi, as already stated, you need to reconfigure the end user's local range to a different network address.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now