Network Printing over VPN

Incident response
Intrusion management
Network security
Hello, I am currently having an issue printing to network printers over our new site-to-site VPN tunnels. We have two remote networks with a couple HP network printers and the AS/400 cannot connect to them. I also cannot ping computers on the remote networks but all the computers can connect to the AS/400. I have opened up the firewall to accept all incoming traffic on the WAN of the remote offices because all the traffic gets filtered through our home office and there is still no connection. Any ideas?

Answer Wiki

Thanks. We'll let you know when a new response is added.

do the Printers have the Gateway programed in? We had some printers we could not print to at another site turned out no one entered the Gateway address.

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Bigshybear
    This sounds like it could be a routing problem, not just a printer problem. Default gateway on the printer is a possibility, but to me it sounds more like the far side has two or more routers and the traffic to the AS400 is going through one router, and the VPN is going through a different router, and the router for the AS400 is programmed with the route to your network segment but the other router is not. You need to be able to ping end to end. Start there and figure out why you cannot.
    0 pointsBadges:
  • Wbdawson
    I would agree with the statement about this being a routing problem. Sounds like the traffic goes one way but not the other. You stated that you could not ping the remote computers but that they could connect to the AS/400. This may mean a couple things, one that the interesting traffic to be sent to the remote sites has not be defined correctly or that it is filtered on the way back. My recommendation would be watch the tunnel during a time of the day when the remote sites aren't generating traffic. Try to access the remote sites from the side where there AS/400 is located via ICMP, then try something like telnet or http. See if the tunnel ever comes up. If it doesn't then you need to look at your routes and how the interesting traffic to the remote sites is defined. If the tunnel does come up then move along the path hop-by-hop (i.e. telnet/ssh to the next router/firewall/concentrator trying to get to the remote side PC's. Eventually you will get response and this will help you identify where the problem is.
    0 pointsBadges:
  • Atomas
    You might look at your encryption domain on both sides of the VPN. Maybe you encrypt only one way? If you encrypt one way and not decrypting on the other side, traffic will be dropped, and traffic going through the opposite way will never get encrypted and would get through with no problem. Just something to look at as a suggestion.
    0 pointsBadges:
  • KarenL
    It could be a routing problem, but it could also be a firewall problem. Check your rules on all the firewalls that they allow the trafic through. For the test open all traffic between the networks in BOTH directions on all the firewalls. If this doesn't help, its definately a routing or default gateway problem. If it does help, adjust the rules so only the ports you need are open (as400 uses port 515 for printers) Are you using private IP addresses on all the networks? I suggest that you leave ICMP open between your networks so that you can debug communication problems.
    20 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: