Solved

No Connection to Printer While on VPN

Posted on 2013-01-22
8
367 Views
Last Modified: 2013-02-11
Hello and Good Day!

I am having an issue printing to a shared printer while on VPN. The office in question is a remote site, there are 5 Windows clients that are connected to a local gateway. The Windows clients are required to use Cisco VPN client 5.0.05.0290. The Windows clients OS are Windows XP embedded SP3. The printer is an HP OfficeJet 8500. I will refer to the Windows client that is not able to print on VPN as WINA and the Windows box that has the shared printer as WINB.

The printer is conencted locally to WINB and then shared via machine name on the local network. We do not have any issues communicating/printing from any of the clients when the VPN client is not connected. Once WINA is connected to the VPN, no traffic goes from  WINA client to WINB, including no response to pings.

Split tunneling is enabled on the VPN and within the VPN client itself on WINA, I have ensured that the "Allow local LAN access" option is enabled. While on VPN on WINA, I can ping the local network gateway, however for some reason no pings or communication goes past the local gateway to WINB.

I have done some basic googling and troubleshooting. here is what I have tried.

1) In the advanced settings of the Windows box, I have adjusted the networks in the adapters and bindings section to have both the local network and the vpn network connection the highest priority in spearate tests.
2) Edited the local LMHOSTS file on WINA to ensure that the IP addy and NETBIOS name of WINB that has the shared printer were included.
3) Deleted, readded and shared printer from WINB using IP addy rather than name.
4) Added route to the routing table on WINA using the route add command from the command line.

Here is where the problem gets more interesting. Once the route is added at WINA in the format

route add [IP addy of print server] MASK 255.255.255.255 [IP addy of gateway]

the printing then worked while on VPN. However after I rebooted WINA the printing no longer worked as the route was not persistent. I then attempted to add the route persistently in the format

route -p add [IP addy of print server] MASK 255.255.255.255 [IP addy of gateway]

After adding the route persistently at WINA I double checked the registry at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

I could verify that the persistent route was there, however printing did not work from WINA. I rebooted and verified the persistent route once again, still no printing from WINA. At this point I am not sure what to do next as it appears that there is no route from WINA to WINB while WINA is connected to VPN and it does not seem that the persistent route is working.

I can create a batch file and add it at each Windows client inlcuding WINA that adds a non-persistent route, however each user would have to add the route by clicking on the batch file each time that they connect to VPN so that they can print locally. That is not a real ideal solution.

Part of the problem here is that the office is leased from a office provider and they own the local gateway so I am not able to make any changes to it. I would normally ask them to see if they can ensure a proper route from WINA to WINB when WINA is on VPN, however they are terrible to respond and last time I engaged their support they made the problem worse. Does anyone have any ideas as to what could be changed so that this would work?

Below is a snapshot of ipconfig/all from WINA when connnected to VPN. I have also added the routing table from WINA while connecte to the VPN as well. Thanks in advance to anyone that can help!

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : TC305
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethern
et #2
        Physical Address. . . . . . . . . : 9C-8E-99-D3-6C-A3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::9e8e:99ff:fed3:6ca3%4
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 168.95.1.1
                                            192.168.0.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Wednesday, January 23, 2013 12:29:05
 AM
        Lease Expires . . . . . . . . . . : Wednesday, January 30, 2013 12:29:05
 AM

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.253.200
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::205:9aff:fe3c:7800%9
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :
                                           
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Primary WINS Server . . . . . . . :
        Secondary WINS Server . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...9c 8e 99 d3 6c a3 ...... Broadcom NetLink (TM) Gigabit Ethernet #2 - Pack
et Scheduler Miniport
0x40004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler
 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.106       20
   63.160.218.158  255.255.255.255      192.168.0.1   192.168.0.106       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.106   192.168.0.106       20
      192.168.0.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.0.1  255.255.255.255    192.168.0.106   192.168.0.106       1
    192.168.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.106   192.168.0.106       20
      192.168.2.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.3.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.4.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.9.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.10.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.11.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.12.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.20.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.30.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.40.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.50.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.51.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.52.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.60.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.95.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.100.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.104.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.107.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.110.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.111.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.112.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.113.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.253.0    255.255.255.0  192.168.253.200  192.168.253.200      20
  192.168.253.200  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.253.255  255.255.255.255  192.168.253.200  192.168.253.200      20
        224.0.0.0        240.0.0.0    192.168.0.106   192.168.0.106       20
        224.0.0.0        240.0.0.0  192.168.253.200  192.168.253.200      20
  255.255.255.255  255.255.255.255    192.168.0.106   192.168.0.106       1
  255.255.255.255  255.255.255.255  192.168.253.200  192.168.253.200      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    192.168.0.159  255.255.255.255      192.168.0.1       1

C:\Documents and Settings\Administrator>

JJG
0
Comment
Question by:helpdesk_compsych
8 Comments
 
LVL 4

Accepted Solution

by:
Levi Gwyn earned 500 total points
ID: 38806905
Pretty sure the provider of the VPN gateway needs to add an access list.  Sorry, it is a router issue from what I gather from your post.  The VPN router will need to be able to route traffic from remote VPN clients to your local LAN in the office.  I don't think adding routes to your PCs will help.
0
 
LVL 15

Expert Comment

by:Ess Kay
ID: 38806937
is the printer only connected to the network, or is it assigned to a particular computer
0
 
LVL 15

Expert Comment

by:Ess Kay
ID: 38806941
if its connected to the computer, then you can navigate to the compuyter through network neighborhood and find its devices, you should see printer there
0
 

Author Comment

by:helpdesk_compsych
ID: 38807030
robcambra,

I am going to meet with my networking expert tomorrow, I will certainly bring the addition of the access list up. After we do this, I will update the post.

Thanks, much apprecaited!
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:helpdesk_compsych
ID: 38807115
esskayb2d,

The printer is not networked. It is added locally via USB cable to one of the Windows clients and then is shared on the local network. I can print to it and see it in network neighboorhood from any Windows client on the network while none of these clients are on VPN.

When a Windows client is connected to VPN, I am not able to get to any other of the Windows clients on the local network inlcuding the Windows client that has the sahred printer via network neighboorhood or any other means. I hope that answers your question. Thanks for you help.

JJG
0
 
LVL 15

Expert Comment

by:Ess Kay
ID: 38807149
try though vpn connecting to the server, and from there view the other machines
0
 
LVL 38

Expert Comment

by:Herman D'Hondt
ID: 38809321
Check that ports 137, 138, 139 and 445 are open on the router. These are used for M$ file and print sharing.

Of course, the HP OfficeJet 8500 is a GDI printer, which are notoriously hard to network.
0
 
LVL 15

Expert Comment

by:Ess Kay
ID: 38810559
you can also try to map through the router the direct port to the computer with the printer
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Join & Write a Comment

Suggested Solutions

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Read about achieving the basic levels of HRIS security in the workplace.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now