
SSL Remote Access Users Cannot see local printer

We have several remote users that are set up with remote access SSL. They can connect to the main office just fine but they cannot print to their local printers while connected to the VPN. They have to disconnect to see their local printers and print. I was looking for a split tunnel setting so users can still see their local network but have failed to find any settings like this. Our main office is using a SG210 firmware ver 9.510-5



  • Might be a problem if your home user's subnet and your corporate subnet(s) overlap.   192.168.1.0/24 is the most common cause of overlaps.  

  • Good point, Doug.  Another reason that I recommend against changing the definitions of the VPN Pools.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I was not thinking of the IP address assigned from the IP pool, as I assumed that it was unique.

    Assume that the VPN Allowed Networks list includes 192.168.1.0/24, and the home network is also 192.168.1.0/24.   When the user attempts to connect to 192.168.1.10, the VPN client has to choose a path, and I am guessing that the order of precedence will always be:

    • Local PC loopback
    • Inside the VPN tunnel
    • Outside the VPN tunnel

    If the printer is on 192.168.1.10, the client will send the packet through the tunnel, whether the other end has a device on that address or not.

    Of course, if the LAN-based printer can be configured with a protocol other than TCP/IP, the VPN tunnel will not be a problem.

    Alternatively, if the remote network is 10.10.0.0/16 and the home network is 192.168.1.0/24, I think the local printers will work perfectly because there will be no routing ambiguity.
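The two cases described in this thread can be checked ahead of time. The following is an added example, not part of any poster's reply or of Sophos tooling: it compares a user's home LAN with the VPN Allowed Networks list and flags destinations that fall in both. The function names are hypothetical, and the third sample case (a /16 that contains the home /24) is a constructed generalization beyond the thread.

```python
import ipaddress


def overlapping_networks(home_lan, allowed_networks):
    """Return the tunneled networks that overlap the user's home LAN."""
    home = ipaddress.ip_network(home_lan)
    return [
        str(net)
        for net in map(ipaddress.ip_network, allowed_networks)
        if net.overlaps(home)
    ]


def classify_destination(dest, home_lan, allowed_networks):
    """Say which side(s) claim a destination address.

    'ambiguous' means both the home LAN and a tunneled network contain
    it, which is the situation the thread blames for lost local printing.
    This does not model any client's route metrics or precedence.
    """
    addr = ipaddress.ip_address(dest)
    in_home = addr in ipaddress.ip_network(home_lan)
    in_tunnel = any(addr in ipaddress.ip_network(n) for n in allowed_networks)
    if in_home and in_tunnel:
        return "ambiguous"
    if in_tunnel:
        return "tunnel"
    if in_home:
        return "local"
    return "default-route"


if __name__ == "__main__":
    # Constructed sample cases: (home LAN, VPN allowed networks, printer IP)
    cases = [
        ("192.168.1.0/24", ["192.168.1.0/24"], "192.168.1.10"),  # thread: overlap
        ("192.168.1.0/24", ["10.10.0.0/16"], "192.168.1.10"),    # thread: no overlap
        ("192.168.1.0/24", ["192.168.0.0/16"], "192.168.1.10"),  # constructed: supernet
    ]
    for home, allowed, printer in cases:
        print(
            f"home={home} allowed={allowed} printer={printer}: "
            f"{classify_destination(printer, home, allowed)}, "
            f"overlaps={overlapping_networks(home, allowed)}"
        )
```
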

     

     
