0

I'm a volunteer network admin for a multi-tenant non-profit office space. One of our new tenants uses a VPN to connect to remote resources using RRAS and Small Business Server 2008. They also have a local network printer for the workstations in our office. When connected to the VPN, they cannot print to the local printer.

I informed their network admin that they need to enable split-tunneling to fix this. Their network admin enabled split-tunneling, but apparently printing still didn't work. He told me that I need to open port 1723 on our office firewall to allow it to work. I'm just a novice administrator and not familiar with RRAS, but this doesn't sound right to me and I haven't been able to find anything on the web to validate it. Additionally, my understanding of split-tunneling is that it is handled entirely by the VPN client and should work irrespective of firewall settings.

Is my understanding of the situation incorrect? What steps should I take to resolve this problem?

dcharles
  • 149
  • 9

1 Answers1

1

The split-tunnelling setting is often only about DNS, so your tenant also needs to check:

  1. that he/she doesn't have 'use remote gateway' enabled, i.e. when the VPN is running, can their computer get to the internet without going through the VPN tunnel?
  2. that their VPN client allows local LAN traffic

These two options might be covered by the same setting...

DutchUncle
  • 1,265
  • 8
  • 16
  • Thanks for the help. This did point me in the right direction. I found out that the remote and local networks are on the same subnet and that appears to be causing the conflict. I'm not sure how to get around that at this point, but I'm looking into it. – dcharles Feb 25 '11 at 05:14
  • There's VPN solutions that can cope with this, but it would mean setting up the client so that ALL its traffic is sent through the VPN tunnel (something you don't want), or you start setting up static routes for specific (printer,server) IP addresses, not nice. So just change the subnet of one of the networks. – DutchUncle Feb 25 '11 at 15:41