Printing from the office laptop to the home PC

In the course of searching for a resolution to my problem, I've turned up
various things on connecting "office" laptops to "home" desktops and the ins
and outs of domains and workgroups, but nothing quite addresses my problem.
It's hard to know how much detail to provide - the following is a rough
outline, but I can provide more info if needed.

I mostly work from home using the corporate laptop. It runs Win 2K Pro
(SP4), connected to the corporate WAN through dial-up and the Nortel
Contivity VPN client. It's part of the corporate domain. All OK.

My printer, though, is my home printer. It's connected to a USB port on my
home desktop (which runs Win XP Home SP1). The home PC is part of a home
workgroup with my wife's laptop and sometimes other machines too.

The two PCs are connected via an ethernet switch. By the way, that switch
is also an ISDN router - I use the latter function for home internet access.
It's configured to block packets from my office laptop so that they don't go
onto the internet. (This blocking does not affect its ethernet switching,
of course). The router does a good job as a firewall, but I've also got
Zonealarm on the home PC (and the XP firewall is disabled).

IP addresses: the switch/router doles addresses out via DHCP to the ethernet
ports of both machines, though in practice the address each machine gets
never seems to vary, irrespective of which is booted when. The dial-up
connection from my laptop gets a different address from the corporate DHCP
server. All these IP addresses are non-routable (for example, in the
10.x.x.x or 192.168.x.x ranges)

No account name on the Win2K laptop matches an account on the WinXP home PC,
though the latter does have its guest account enabled.

With my laptop offline (not dialled up to the corporate WAN), it can see and
print to the printer on my home PC (using printer sharing, of course). It
used to take 30 seconds or more to find the printer and send things to it,
but I found that the NET USE command speeded things up a lot (NET USE LPT3:
"\\MyHomePC\My Home Printer").

Now for the problem. As soon as I get connected to the corporate WAN with
the Contivity client, the laptop loses all sight of the home PC (and vice
versa). Printing no longer works. If I'm printing a local document (a Word
file or whatever), I can "solve" the problem temporarily by telling the VPN
client to disconnect. Then I get the printer back and can print - until I
reconnect. That's not so great - it's fiddly and time-consuming - but at
least it works. However, it's totally useless for printing things that are
online (things on the intranet, for example) as I can't be online and print
at the same time.

Occasionally, I need to share files too - the home PC tends to lead the
laptop in terms of software and hardware facilities so that from time to
time I move stuff to the home PC.

Does anyone have any suggestions? I've already had the official "get an
office printer" answer, but I don't have room in my study.

Thanks in advance
Tim




Tim

In article <(E-Mail Removed)>, "Tim"
(E-Mail Removed) says...
> In the course of searching for a resolution to my problem, I've turned up
> various things on connecting "office" laptops to "home" desktops and the ins
> and outs of domains and workgroups, but nothing quite addresses my problem.
> It's hard to know how much detail to provide - the following is a rough
> outline, but I can provide more info if needed.
>
> I mostly work from home using the corporate laptop. It runs Win 2K Pro
> (SP4), connected to the corporate WAN through dial-up and the Nortel
> Contivity VPN client. It's part of the corporate domain. All OK.
>
> My printer, though, is my home printer. It's connected to a USB port on my
> home desktop (which runs Win XP Home SP1). The home PC is part of a home
> workgroup with my wife's laptop and sometimes other machines too.
>
> The two PCs are connected via an ethernet switch. By the way, that switch
> is also an ISDN router - I use the latter function for home internet access.
> It's configured to block packets from my office laptop so that they don't go
> onto the internet. (This blocking does not affect its ethernet switching,
> of course). The router does a good job as a firewall, but I've also got
> Zonealarm on the home PC (and the XP firewall is disabled).
>
> IP addresses: the switch/router doles addresses out via DHCP to the ethernet
> ports of both machines, though in practice the address each machine gets
> never seems to vary, irrespective of which is booted when. The dial-up
> connection from my laptop gets a different address from the corporate DHCP
> server. All these IP addresses are non-routable (for example, in the
> 10.x.x.x or 192.168.x.x ranges)
>
> No account name on the Win2K laptop matches an account on the WinXP home PC,
> though the latter does have its guest account enabled.
>
> With my laptop offline (not dialled up to the corporate WAN), it can see and
> print to the printer on my home PC (using printer sharing, of course). It
> used to take 30 seconds or more to find the printer and send things to it,
> but I found that the NET USE command speeded things up a lot (NET USE LPT3:
> "\\MyHomePC\My Home Printer").
>
> Now for the problem. As soon as I get connected to the corporate WAN with
> the Contivity client, the laptop loses all sight of the home PC (and vice
> versa). Printing no longer works. If I'm printing a local document (a Word
> file or whatever), I can "solve" the problem temporarily by telling the VPN
> client to disconnect. Then I get the printer back and can print - until I
> reconnect. That's not so great - it's fiddly and time-consuming - but at
> least it works. However, it's totally useless for printing things that are
> online (things on the intranet, for example) as I can't be online and print
> at the same time.

You can print to file, and send the file to the printer later.
>
> Occasionally, I need to share files too - the home PC tends to lead the
> laptop in terms of software and hardware facilities so that from time to
> time I move stuff to the home PC.
>
> Does anyone have any suggestions? I've already had the official "get an
> office printer" answer, but I don't have room in my study.
>
Sounds like you need to tweak the routing table, as I suspect that LAN
traffic is disappearing up the VPN never to be seen again. But I'm too
tired to think about it ATM.

"Rob Morley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <(E-Mail Removed)>, "Tim"
> (E-Mail Removed) says...
> >
<snip>
> > Now for the problem. As soon as I get connected to the corporate WAN
with
> > the Contivity client, the laptop loses all sight of the home PC (and
vice
> > versa). Printing no longer works. If I'm printing a local document (a
Word
> > file or whatever), I can "solve" the problem temporarily by telling the
VPN
> > client to disconnect. Then I get the printer back and can print - until
I
> > reconnect. That's not so great - it's fiddly and time-consuming - but
at
> > least it works. However, it's totally useless for printing things that
are
> > online (things on the intranet, for example) as I can't be online and
print
> > at the same time.
>
> You can print to file, and send the file to the printer later.
Good idea. Better than not being able to print at all!

> >
> > Occasionally, I need to share files too - the home PC tends to lead the
> > laptop in terms of software and hardware facilities so that from time to
> > time I move stuff to the home PC.
> >
> > Does anyone have any suggestions? I've already had the official "get an
> > office printer" answer, but I don't have room in my study.
> >
> Sounds like you need to tweak the routing table, as I suspect that LAN
> traffic is disappearing up the VPN never to be seen again. But I'm too
> tired to think about it ATM.
Ah - yes I must be tired too. I forgot to mention that when I try to print
while the laptop is online, I see the "lights" flashing for traffic over the
VPN connection (even if I'm just trying to print a local doc). So it's
going the wrong way.

Tim

"Tim" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> "Rob Morley" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) t...
> > In article <(E-Mail Removed)>, "Tim"
> > (E-Mail Removed) says...
> > >
> <snip>
> > > Now for the problem. As soon as I get connected to the corporate WAN
> with
> > > the Contivity client, the laptop loses all sight of the home PC (and
> vice
> > > versa). Printing no longer works. If I'm printing a local document (a
> Word
> > > file or whatever), I can "solve" the problem temporarily by telling the
> VPN
> > > client to disconnect. Then I get the printer back and can print - until
> I
> > > reconnect. That's not so great - it's fiddly and time-consuming - but
> at
> > > least it works. However, it's totally useless for printing things that
> are
> > > online (things on the intranet, for example) as I can't be online and
> print
> > > at the same time.
> >
> > You can print to file, and send the file to the printer later.
> Good idea. Better than not being able to print at all!
>
> > >
> > > Occasionally, I need to share files too - the home PC tends to lead the
> > > laptop in terms of software and hardware facilities so that from time to
> > > time I move stuff to the home PC.
> > >
> > > Does anyone have any suggestions? I've already had the official "get an
> > > office printer" answer, but I don't have room in my study.
> > >
> > Sounds like you need to tweak the routing table, as I suspect that LAN
> > traffic is disappearing up the VPN never to be seen again. But I'm too
> > tired to think about it ATM.
> Ah - yes I must be tired too. I forgot to mention that when I try to print
> while the laptop is online, I see the "lights" flashing for traffic over the
> VPN connection (even if I'm just trying to print a local doc). So it's
> going the wrong way.
>
> Tim

I think that you'll need to get the guys who look after your Contivity
VPN server to configure "split tunneling". That will differentiate
between traffic destined for the corporate network and any other
traffic. If you look at the IP routing on your PC (route print or
netstat -nr) after you have connected to the VPN, you'll probably find
that everything is routed into the VPN. With split tunneling, the IP
route into the VPN will only route corporate traffic and your IP
routes that existed before you enabled the Contivity client will still
be available.

Of course, the your Contivity administrators may say that you can't
have split tunneling as it does create a security risk to a certain
extent for the corporate LAN. This is because you could potentially be
connected to the internet and the corporate LAN simultaneously and
they may not trust any security measures that you have in place on
your home network.

Pete

In message <(E-Mail Removed) >, Pete
Mainwaring <(E-Mail Removed)> writes
>
>Of course, the your Contivity administrators may say that you can't
>have split tunneling as it does create a security risk to a certain
>extent for the corporate LAN. This is because you could potentially be
>connected to the internet and the corporate LAN simultaneously and
>they may not trust any security measures that you have in place on
>your home network.

My employer has banned this practice because they got a virus that way.
It certainly isn't just "potential".
--
Save the Hubble Space Telescope!
Remove spam and invalid from address to reply.

Jonathan Silverlight <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In message <(E-Mail Removed) >, Pete
> Mainwaring <(E-Mail Removed)> writes
> >
> >Of course, the your Contivity administrators may say that you can't
> >have split tunneling as it does create a security risk to a certain
> >extent for the corporate LAN. This is because you could potentially be
> >connected to the internet and the corporate LAN simultaneously and
> >they may not trust any security measures that you have in place on
> >your home network.
>
> My employer has banned this practice because they got a virus that way.
> It certainly isn't just "potential".

Thanks Jonathan, that proves my point nicely (you could argue, of
course, that your employer should have had their virus signature files
up to date!).

Pete

Jonathan Silverlight <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In message <(E-Mail Removed) >, Pete
> Mainwaring <(E-Mail Removed)> writes
> >
> >Of course, the your Contivity administrators may say that you can't
> >have split tunneling as it does create a security risk to a certain
> >extent for the corporate LAN. This is because you could potentially be
> >connected to the internet and the corporate LAN simultaneously and
> >they may not trust any security measures that you have in place on
> >your home network.
>
> My employer has banned this practice because they got a virus that way.
> It certainly isn't just "potential".

....... although, I can't really be critical from the latest virus
signature point of view as we have had two major virus/worm attacks
recently.

Pete

"Pete Mainwaring" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> "Tim" <(E-Mail Removed)> wrote in message
news:<(E-Mail Removed)>...
> > "Rob Morley" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed) t...
> > > In article <(E-Mail Removed)>, "Tim"
> > > (E-Mail Removed) says...
> > > >
<snip>
> I think that you'll need to get the guys who look after your Contivity
> VPN server to configure "split tunneling". That will differentiate
> between traffic destined for the corporate network and any other
> traffic. If you look at the IP routing on your PC (route print or
> netstat -nr) after you have connected to the VPN, you'll probably find
> that everything is routed into the VPN. With split tunneling, the IP
> route into the VPN will only route corporate traffic and your IP
> routes that existed before you enabled the Contivity client will still
> be available.
>
> Of course, the your Contivity administrators may say that you can't
> have split tunneling as it does create a security risk to a certain
> extent for the corporate LAN. This is because you could potentially be
> connected to the internet and the corporate LAN simultaneously and
> they may not trust any security measures that you have in place on
> your home network.
>
> Pete

Thanks for the tips. In fact, a "route print" showed the route that had
been set up to divert the traffic for my LAN's IP address space through the
VPN and onto the corporate WAN. Other routes were set up which would have
sent the traffic out through the ethernet port, but one route grabbed it all
and sent it through the VPN client.

So all I had to to was a "route delete ..." with the parameters for the
relevant route - and hey presto, I can print!

I've now got myselft a little batch file that does the route delete,
followed by a NET USE command to assign the printer on my home PC to LPT3:
on my laptop. Instant printing. No split tunnelling required.

Tim