My Wife and I connect into work via VPN software (Nortel's Contivity VPN Client). She has a laptop (Win2k) that is used both at work and home. I use our home PC (WinXP Pro). I have two printers connected to the home PC that are shared in XP. We have a basic wired 10/100 Base-T network to plug the laptop in. The network is simply a Linksys BEFSX41 VPN/firewall/router connected to the cable modem and cat5 cables for the laptop and PC.
When the laptop is plugged into the network (but not on the VPN), it can send things to the printer just fine. However, if either the laptop or the home PC (or both) is logged into the VPN, the laptop cannot print locally. The home PC can always print fine. I am assuming it is because the VPN tunnel starts at the computer itself so the shared printers are "outside" the tunnel that the laptop sees.
I thought about getting a basic print server to connect the printers directly to the router instead of sharing them, but I am guessing that the same problem will exist. Is my assumption correct? The Nortel VPN software is the required way to connect to work, so I cannot use the VPN endpoint that is already part of the router for this, which I believe would be one way to solve the problem. This seems to come down to how to leave the home LAN open for use while also using the VPN LAN remotely at work. Any suggestions on how to resolve this issue?
Essentially there could be two reasons for the problem you are experiencing and the way to debug it further is simple if you know your work network's IP addressing scheme or the configuration of your VPN client.
The first potential reason you are losing connectivity to your home printers is because of the infamous "double nat" problem. The standard IP address range that the DHCP server built into Linksys home routers is 192.168.1.0/24. It is possible that your office network serves addresses from the same subnet and is NATing those addresses out the Internet. Once a VPN connection is established from your PC, typically the clients learn routes to the central office network over the tunnel and when your PC is trying to access the printer for your home network the traffic is really going out towards the corporate network because that route will take precedence. The simple solution to this problem is to simply reconfigure your Linksys router to provide IP addresses to your PC's and printers that are not from the same subnet that may exist in your corporate network. I have run into the same exact problem at home while testing the Chantry Networks Beaconworks WLAN solution and its integration with our corporate VPN client. Knowing the corporate network IP addressing scheme and the home network addressing scheme will make this problem (and solution) obvious.
There is a possibility in your case that the addressing scheme is not the issue. Your home network and your corporate network addresses may come from totally disparate subnets. Now it is important to understand your VPN client/server configuration. VPN clients (and I know Nortel's client has this feature) come with a feature called "split tunneling." If "split tunneling" is DISabled then all your traffic is being forced out the tunnel and no traffic is able to get to your home network. The obvious solution to this is to request that split tunneling be enabled. Corporations prefer to disable split tunneling as it gives them the sense of security that sessions will not be hijacked or they like to monitor the type of traffic and utilization of the remote workers. If it is indeed the case that split tunneling is disabled there is no harm in asking for a change in the configuration. If that is not possible, then there is no easy solution as you will need to work within the security policy of your corporation. Simply put, you will have to disconnect the VPN when you want to print.
Dig Deeper on Network Infrastructure
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.