Solved

Unable to communicate with local wireless printer, when connected to Checkpoint Endpoint Connect

Posted on 2011-03-11
8
1,982 Views
Last Modified: 2012-05-11
I have a user who is unable to print from his local wireless printer, when connected to the office network via Checkpoint Endpoint Connect. There is no problem printing when VPN is disconnected

The user's home office has a network range of 10.0.0.0.
the printer has an IP of 10.0.0.50 , manually configured.

Ping says Request timed out when VPN is connected, otherwise its success.

Please suggest a resolution
0
Comment
Question by:Ramanand_R_Uni
  • 4
  • 3
8 Comments
 
LVL 13

Expert Comment

by:kdearing
ID: 35108406
The vpn needs to be set up as a split tunnel.
http://en.wikipedia.org/wiki/Split_tunneling

I'm not sure of the exact procedures, but it should be in your documentation.
0
 
LVL 14

Expert Comment

by:grimkin
ID: 35115063
Hi,

Your administrator has set up the remote access VPN in "hub mode" - this routes all remote access communication through a central gateway, ensuring traffic is inspected and audited before being forwarded to the Internet, a remote site or another VPN client.

You will need to ask them to allow you to connect without hub mode being enforced which may not happen depending on your company's IT Policy.

HTH
0
 

Author Comment

by:Ramanand_R_Uni
ID: 35127654
The information they gave is that the user's home network IP range is conflicting with the IP range on the  office IP's on the other side of VLAN. So the computer  is confused that the packets should be sent to the local printer or to the one across the VLAN.

Is there a work around to resolve this than reconfiguring th home network to class C range
0
 
LVL 14

Expert Comment

by:grimkin
ID: 35127703
HI,

In short, not really if as you say the remote network has the same IP range as that in the user's home. When Endpoint connects, it inserts routes into the routing table to make sure that everything destined for the remote IP range is transported via the virtual vpn network adapter.

If e.g. the printer is on home network 192.168.1.100 and the local computer is on 192.168.1.50 then it is possible you could set a host route in windows:

route add 192.168.1.100 mask 255.255.255.255 192.168.1.50

This may or may not work and is really not recommended - the easiest, most stable and by far the cleanest way to do this is to reconfigure the end user's local range to a different network address.

HTH
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Ramanand_R_Uni
ID: 35139866
Hi GrimKin .. could you please explain why are you using a mask of 255.255.255.255 here..i dint quite catch the logic..

ususally we add

route add [destination IP] mask [source mask] [gateway]   .. right...
0
 
LVL 14

Expert Comment

by:grimkin
ID: 35140957
Hi,

the 255.255.255.255 mask (/32) specifies a single host - you don't want the whole network (/24) being routed as then no traffic would traverse thevpn.

But again, this approach is dirty at best and may create more problems than it solves.

HTH
0
 

Author Comment

by:Ramanand_R_Uni
ID: 35167632
hi..
i tried this it did not resolve


C:\Users\30319>ping 10.0.0.50

Pinging 10.0.0.50 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.0.0.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\30319>tracert 10.0.0.50

Tracing route to 10.0.0.50 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2   105 ms   105 ms   110 ms  10.46.0.2
  3   108 ms   122 ms   103 ms  10.46.0.2
  4     *        *        *     Request timed out.
  5   107 ms   105 ms   105 ms  10.46.0.2
  6     *        *        *     Request timed out.
  7   508 ms   204 ms   204 ms  10.46.0.2
  8     *        *        *     Request timed out.
  9   119 ms   116 ms   129 ms  

these are the ping statistics while on VPN
0
 
LVL 14

Accepted Solution

by:
grimkin earned 500 total points
ID: 35169145
Hi, as already stated, you need to reconfigure the end user's local range to a different network address.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now