Anyconnect VPN - Can't Print Locally for some users

dgeiger12
Level 1

Hi,

I have users connecting to one of our customers' networks with the AnyConnect VPN client. The users RDP into some VMs and some physical desktops at the customer. We do not have control of the other side of the VPN.

Some can print locally while on the VPN and some cannot. No one has an internet connection when they are connected (something they need). They have to wait to get off before they can connect, and print jobs sometimes come through when they log off, if they are still in the queue.

What kind of configuration questions should I ask of the other side?

How can I get this fixed?

5 Replies

dgeiger12
Level 1

I just got off the phone with our customer. Our networks definitely can't see each other.

We can't share/map drives or see our printers.

We walked through the VPN settings and the RDP settings, and they look good on our side.

Any help is appreciated.

Hi,

It would seem to me that the VPN Client connection is configured as "Full Tunnel". This means everything from the user's computer is tunneled to the VPN connection while it's active.

This might cause problems with using local resources on the user's LAN at that moment and also, if not "properly" configured, might not allow using the Internet at the same time.

Two different options come to mind without knowing the specifics:

  • Ask the remote end to reconfigure the VPN Client connection so that it uses Split Tunneling. While Split Tunneling is in use, the VPN Client user's computer will only forward traffic destined to specific networks to the VPN connection, and all other traffic either stays in the local LAN or heads out the local Internet connection like usual.
  • Ask the remote end to configure the VPN Client connection so that it also permits Internet connectivity through the VPN Client connection. In this case the user's Internet traffic would first travel to the remote site through the VPN and then possibly "hairpin" to the Internet through the outside interface of the customer's VPN device.

While connected with the VPN client, you can confirm how the VPN has been configured by looking at the "Statistics" section of the VPN software. It should contain a section for routes. Check what the routes section says. (might be different depending if you are using the Cisco VPN Client or Cisco AnyConnect VPN Client)

If it has

  • 0.0.0.0 0.0.0.0  = It means that all traffic is forwarded to the VPN while it's active
    • Full Tunnel
  • = It means only traffic destined to that specific network will be forwarded to the VPN (may contain multiple lines of course)
    • Split Tunnel

Hopefully the above was of some help.

Please do rate if you found the information helpful and/or ask more questions.

- Jouni

Thanks for that.

In my conversation with the customer, they said they had split-tunneling turned off, and it was going to stay that way for security reasons. So looks like using "our" internet will not happen.

So it seems that all I really need is print jobs created on their machines/VMs to come over to our network and see our printers.

When we go to install a printer within their network, we can't see ours (we're on a print server), only theirs.

What makes me think it's on their side is that I have some users now who can print within their network to our local printers, and some that can't.

Hi,

I must admit that I have very little experience on the IT side as my work doesn't really require it (but would naturally benefit a lot from knowing more).

But isn't the situation so that if you use an RDP connection to a remote server, you can also use your local printers from the RDP desktop?

If this is the case, I would assume the problem is the Full Tunnel type configuration of the VPN. Your users stop seeing even their local devices/printers while they are connected to the VPN (as all traffic is now tunneled, even for the locally connected network) and therefore you can't use your local network printers.

The thing in this situation would probably be to keep the VPN Client connection as Full Tunnel (for the most part in this case) BUT exclude the users' local network ranges from being tunneled to the VPN, and they would probably then be able to use their local network printers while connected with RDP.

Though this wouldn't explain why some users are able to print just fine to local printers? This again would point towards a situation where this type of "excluding local networks from VPN" would be in use or the Split Tunneling would be in use already. Unless they have forgotten to mention that they use USB connected printers instead of network printers.

Are all the users connecting from behind random Internet connections with different local network ranges? Or are all users always connected to the same LAN when they use the VPN Client connection?

- Jouni
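
The route check and the "exclude local networks" idea from the two replies above, as an added Python example (not part of the thread and not Cisco code). All addresses are constructed samples, and treating the most specific matching route as the winner between tunneled and excluded networks is a simplifying assumption about how the client picks a path.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def parse_routes(lines):
    """Turn 'network mask' rows (the notation used in the reply) into networks."""
    nets = []
    for line in lines:
        parts = line.split()
        if len(parts) == 2:  # ignore blank or malformed rows
            nets.append(ipaddress.ip_network("/".join(parts), strict=False))
    return nets

def tunnel_mode(secured):
    """'full' when the default route is tunneled, otherwise 'split'."""
    return "full" if DEFAULT in secured else "split"

def is_tunneled(dest, secured, excluded=()):
    """True if dest goes into the VPN; the most specific matching route wins."""
    addr = ipaddress.ip_address(dest)
    best_in = max((n.prefixlen for n in secured if addr in n), default=-1)
    best_out = max((n.prefixlen for n in excluded if addr in n), default=-1)
    return best_in > best_out

# Constructed sample data: a user LAN of 192.168.1.0/24 with a network printer.
PRINTER = "192.168.1.50"
WEB_HOST = "203.0.113.10"  # documentation-range address standing in for the Internet
FULL = parse_routes(["0.0.0.0 0.0.0.0"])
SPLIT = parse_routes(["10.20.0.0 255.255.0.0"])
LOCAL_LAN = parse_routes(["192.168.1.0 255.255.255.0"])

if __name__ == "__main__":
    cases = [("full tunnel", FULL, []),
             ("full tunnel, local LAN excluded", FULL, LOCAL_LAN),
             ("split tunnel", SPLIT, [])]
    for label, secured, excluded in cases:
        print(f"{label}: mode={tunnel_mode(secured)}, "
              f"printer tunneled={is_tunneled(PRINTER, secured, excluded)}, "
              f"internet tunneled={is_tunneled(WEB_HOST, secured, excluded)}")
```

In the middle case the Internet host still goes through the tunnel while the printer stays on the LAN, which is the combination that keeps split tunneling off yet lets local network printers work.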

We do have internet access from inside their network. Users can browse the web, albeit slowly. I believe that was option 2. Option 1 would be awesome, but we're definitely not getting that.