Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1273
Views
0
Helpful
3
Replies

VPN printing

mickyq
Level 1
Level 1

‎03-11-2016 07:15 AM

Hi

Is there a way to print while on VPN to local printer without split tunnelling?

Secondly, is there a way to print to a local printer from an app in SSL VPN

Thanks

Labels:
0 Helpful
3 Replies 3

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎03-11-2016 08:17 AM

Hi Michael,

Check this section "Client Firewall with Local Printer and Tethered Device Support" 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac03vpn.html#pgfId-1321056

So basically, you can use exclude specified and select client firewall rules to allow local printing.

I do not think there is an app in SSL VPN which you could leverage to do the printing.

Regarding 

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Dinesh Moudgil

‎03-13-2016 01:45 PM

actually the exclude specified is for tethered device support.  If you are just looking to print locally then you only need to go to the group-policy you are using for the AnyConnect connection > Advanced > AnyConnect Client > Client Firewall.  Then create an ACL following the ACL table in the document that Dinesh provided and apply it to the public interface.  Then go to the client PC and open the AnyConnect setting and under Preferences select "Allow local (LAN) access when using VPN"

From the CLI you can enter the following:

    
      access-list AnyConnect_Client_Local_Print line 4 extended permit tcp any4 any4 eq 631
      access-list AnyConnect_Client_Local_Print line 6 extended permit tcp any4 any4 eq 9100
      access-list AnyConnect_Client_Local_Print line 8 extended permit udp any4 host 224.0.0.251 eq 5353
      access-list AnyConnect_Client_Local_Print line 10 extended permit udp any4 host 224.0.0.252 eq 5355
      access-list AnyConnect_Client_Local_Print line 12 extended permit tcp any4 any4 eq 137
      group-policy AnyConnect_GP attributes
        webvpn
          anyconnect firewall-rule client-interface public value AnyConnect_Client_Local_Print

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

ilukeberry
Level 1
Level 1

‎03-13-2016 03:16 PM

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70847-local-lan-pix-asa.html

check this i had great success with this.

0 Helpful
Customers Also Viewed These Support Documents