[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

No Connection to Printer While on VPN

Hello and Good Day!

I am having an issue printing to a shared printer while on VPN. The office in question is a remote site, there are 5 Windows clients that are connected to a local gateway. The Windows clients are required to use Cisco VPN client 5.0.05.0290. The Windows clients OS are Windows XP embedded SP3. The printer is an HP OfficeJet 8500. I will refer to the Windows client that is not able to print on VPN as WINA and the Windows box that has the shared printer as WINB.

The printer is conencted locally to WINB and then shared via machine name on the local network. We do not have any issues communicating/printing from any of the clients when the VPN client is not connected. Once WINA is connected to the VPN, no traffic goes from  WINA client to WINB, including no response to pings.

Split tunneling is enabled on the VPN and within the VPN client itself on WINA, I have ensured that the "Allow local LAN access" option is enabled. While on VPN on WINA, I can ping the local network gateway, however for some reason no pings or communication goes past the local gateway to WINB.

I have done some basic googling and troubleshooting. here is what I have tried.

1) In the advanced settings of the Windows box, I have adjusted the networks in the adapters and bindings section to have both the local network and the vpn network connection the highest priority in spearate tests.
2) Edited the local LMHOSTS file on WINA to ensure that the IP addy and NETBIOS name of WINB that has the shared printer were included.
3) Deleted, readded and shared printer from WINB using IP addy rather than name.
4) Added route to the routing table on WINA using the route add command from the command line.

Here is where the problem gets more interesting. Once the route is added at WINA in the format

route add [IP addy of print server] MASK 255.255.255.255 [IP addy of gateway]

the printing then worked while on VPN. However after I rebooted WINA the printing no longer worked as the route was not persistent. I then attempted to add the route persistently in the format

route -p add [IP addy of print server] MASK 255.255.255.255 [IP addy of gateway]

After adding the route persistently at WINA I double checked the registry at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

I could verify that the persistent route was there, however printing did not work from WINA. I rebooted and verified the persistent route once again, still no printing from WINA. At this point I am not sure what to do next as it appears that there is no route from WINA to WINB while WINA is connected to VPN and it does not seem that the persistent route is working.

I can create a batch file and add it at each Windows client inlcuding WINA that adds a non-persistent route, however each user would have to add the route by clicking on the batch file each time that they connect to VPN so that they can print locally. That is not a real ideal solution.

Part of the problem here is that the office is leased from a office provider and they own the local gateway so I am not able to make any changes to it. I would normally ask them to see if they can ensure a proper route from WINA to WINB when WINA is on VPN, however they are terrible to respond and last time I engaged their support they made the problem worse. Does anyone have any ideas as to what could be changed so that this would work?

Below is a snapshot of ipconfig/all from WINA when connnected to VPN. I have also added the routing table from WINA while connecte to the VPN as well. Thanks in advance to anyone that can help!

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : TC305
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethern
et #2
        Physical Address. . . . . . . . . : 9C-8E-99-D3-6C-A3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::9e8e:99ff:fed3:6ca3%4
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 168.95.1.1
                                            192.168.0.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Wednesday, January 23, 2013 12:29:05
 AM
        Lease Expires . . . . . . . . . . : Wednesday, January 30, 2013 12:29:05
 AM

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.253.200
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::205:9aff:fe3c:7800%9
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :
                                           
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Primary WINS Server . . . . . . . :
        Secondary WINS Server . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...9c 8e 99 d3 6c a3 ...... Broadcom NetLink (TM) Gigabit Ethernet #2 - Pack
et Scheduler Miniport
0x40004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler
 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.106       20
   63.160.218.158  255.255.255.255      192.168.0.1   192.168.0.106       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.106   192.168.0.106       20
      192.168.0.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.0.1  255.255.255.255    192.168.0.106   192.168.0.106       1
    192.168.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.106   192.168.0.106       20
      192.168.2.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.3.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.4.0    255.255.255.0  192.168.253.200  192.168.253.200      1
      192.168.9.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.10.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.11.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.12.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.20.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.30.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.40.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.50.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.51.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.52.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.60.0    255.255.255.0  192.168.253.200  192.168.253.200      1
     192.168.95.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.100.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.104.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.107.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.110.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.111.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.112.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.113.0    255.255.255.0  192.168.253.200  192.168.253.200      1
    192.168.253.0    255.255.255.0  192.168.253.200  192.168.253.200      20
  192.168.253.200  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.253.255  255.255.255.255  192.168.253.200  192.168.253.200      20
        224.0.0.0        240.0.0.0    192.168.0.106   192.168.0.106       20
        224.0.0.0        240.0.0.0  192.168.253.200  192.168.253.200      20
  255.255.255.255  255.255.255.255    192.168.0.106   192.168.0.106       1
  255.255.255.255  255.255.255.255  192.168.253.200  192.168.253.200      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    192.168.0.159  255.255.255.255      192.168.0.1       1

C:\Documents and Settings\Administrator>

JJG
0
helpdesk_compsych
Asked:
helpdesk_compsych
1 Solution
 
Levi GwynCommented:
Pretty sure the provider of the VPN gateway needs to add an access list.  Sorry, it is a router issue from what I gather from your post.  The VPN router will need to be able to route traffic from remote VPN clients to your local LAN in the office.  I don't think adding routes to your PCs will help.
0
 
Ess KayEntrapenuerCommented:
is the printer only connected to the network, or is it assigned to a particular computer
0
 
Ess KayEntrapenuerCommented:
if its connected to the computer, then you can navigate to the compuyter through network neighborhood and find its devices, you should see printer there
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
helpdesk_compsychAuthor Commented:
robcambra,

I am going to meet with my networking expert tomorrow, I will certainly bring the addition of the access list up. After we do this, I will update the post.

Thanks, much apprecaited!
0
 
helpdesk_compsychAuthor Commented:
esskayb2d,

The printer is not networked. It is added locally via USB cable to one of the Windows clients and then is shared on the local network. I can print to it and see it in network neighboorhood from any Windows client on the network while none of these clients are on VPN.

When a Windows client is connected to VPN, I am not able to get to any other of the Windows clients on the local network inlcuding the Windows client that has the sahred printer via network neighboorhood or any other means. I hope that answers your question. Thanks for you help.

JJG
0
 
Ess KayEntrapenuerCommented:
try though vpn connecting to the server, and from there view the other machines
0
 
hdhondtCommented:
Check that ports 137, 138, 139 and 445 are open on the router. These are used for M$ file and print sharing.

Of course, the HP OfficeJet 8500 is a GDI printer, which are notoriously hard to network.
0
 
Ess KayEntrapenuerCommented:
you can also try to map through the router the direct port to the computer with the printer
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now