printer on a different subnet over VPN

Jun 6th, 2007

I have an IPsec VPN up and running between site A and B. The two sites can communicate well.

Site A:

506E with IOS 6.3



Site B:




How can I print from the server at site A to a printer at Site B?

Right now, I have an ACL list as below:

access-list printerACL permit ip host

access-list printerACL permit ip host

I have no luck talking to the printer at site B.

Jon Marshall Thu, 06/07/2007 - 09:49


Is there a typo in the Site B config? The subnet is but the printer is

When you say the two sites are communicating well, is that between the network and the network only or both the network and the network?


xomchua76 Thu, 06/07/2007 - 10:01


Not a typo. The printer is on a different subnet. That's why I need help. Communication well means the subnet between and


Jon Marshall Thu, 06/07/2007 - 10:03


Have you included the subnet in your crypto map access-list and has the SonicWall also been configured with that subnet?


xomchua76 Thu, 06/07/2007 - 10:19


Yes, both sides have the subnet in their crypto map. When I do a ping from the server @ site A, I don't see anything hitting the SonicWall @ site B. I don't know where packets get dropped.


xomchua76 Thu, 06/07/2007 - 10:26

Already applied NAT 0, I know packages don't go through the outside interface.


acomiskey Thu, 06/07/2007 - 10:34

I assume the printer has a gateway? You can print to it from

Jon Marshall Thu, 06/07/2007 - 11:02


Have you tried debugging on your PIX firewall to make sure that

1) packets are hitting the firewall destined for the printer on the inside interface.

2) encrypted packets are leaving the outside interface. If there is a lot of VPN activity then it will be difficult to tell with this one, but sometimes if you run 1 & 2 together it can be quite clear that packets are hitting the inside and then leaving the outside.

Also, are there any other devices on the network you could test connectivity against?


