Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
9
Replies

printer on a different subnet over VPN

xomchua76
Level 1
Level 1

‎06-06-2007 04:10 PM - edited ‎03-11-2019 03:26 AM

I have an ipsec VPN up and running between site A and B. The two site can communicate well.

Site A:

506E with IOS 6.3

subnet: 10.7.7.0 255.255.255.0

server: 10.7.7.3

Site B:

Sonicwall

subnet: 192.168.1.0 255.255.255.0

printer: 192.168.224.34

How can I print from the server at site A to a printer at Site B?

Right now, I have an ACL list as below:

access-list printerACL permit ip host 10.7.7.3 192.168.1.0 255.255.255.0

access-list printerACL permit ip host 10.7.7.3 192.168.224.0 255.255.255.0

I have no luck talking to the printer at site B

Labels:
0 Helpful
9 Replies 9

Jon Marshall
Hall of Fame
Hall of Fame

‎06-07-2007 09:49 AM

Hi

Is there a typo in Site B config. The subnet is 192.168.1.0/24 but the printer is 192.168.224.34.

When you say the two sites are communicating well it that between the 10.7.7.0/24 network and the 192.168.1.0/24 network only or both the 192.168.1.0/24 network and the 192.168.22.34 network ?

Jon

0 Helpful

xomchua76
Level 1
Level 1
In response to Jon Marshall

‎06-07-2007 10:01 AM

Jon,

Not a typo. The printer is on a different subnet. That's why I need help. Communication well means the subnet between 10.7.7.0/24 and 192.168.1.0/24.

Jason

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to xomchua76

‎06-07-2007 10:03 AM

Jason

Have you included the subnet 192.168.224.0 in your cryto map access-list and has the sonicwall also been configured with that subnet ?

Jon

0 Helpful

xomchua76
Level 1
Level 1
In response to Jon Marshall

‎06-07-2007 10:19 AM

Jon,

Yes, both side have the subnet 192.168.224.0/24 in their crypto map. When I do a ping from the server @ site A, I don't see any thing hitting the sonicwall @ site B. I don't know where packets get drop.

Jason

0 Helpful

acomiskey
Level 10
Level 10
In response to xomchua76

‎06-07-2007 10:22 AM

What about nat 0?

0 Helpful

xomchua76
Level 1
Level 1
In response to acomiskey

‎06-07-2007 10:26 AM

Already applied NAT 0, I know packages don't go through the outside interface.

Jason

0 Helpful

acomiskey
Level 10
Level 10
In response to xomchua76

‎06-07-2007 10:34 AM

I assume the printer has a gateway? You can print to it from 192.168.1.0?

0 Helpful

xomchua76
Level 1
Level 1
In response to acomiskey

‎06-07-2007 10:54 AM

Acomiskey,

Yes. The printer has a gateway.

Jason

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to xomchua76

‎06-07-2007 11:02 AM

Jason

Have you tried debugging on your pix firewall to make sure that

1) packets are hitting the firewall destined for the printer on the inside interface.

2) encrypted packets are leaving the outside interface. If there is a lot of VPN activity then it will be difficult to tell with this one but sometimes it if your run 1 & 2 together it can be quite clear that packets are hitting the inside and then leaving the outside.

Also are there any other devices on the 192.168.224.0 network you could test connectivity against.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card