WinGate Forums

[macca448]

Hi,

We are setting up our accounts where our parent hosts the system and we use a Telstra IPSec VPN between Sydney and Auckland

Getting the thin client running behind WinGate was simple, we just put a TCP map in for port 23 and it burst into life

What we can't seem to get going is the printing.

How do I allow the printing to originate in Sydney and print to one of two IP printer we have behind our Wingate firewall

Configuration as follows

WinGate Version 6.6.4
on an old (but very stable and reliable) Windows 2000 PC

In Auckland
Wingate DMZ IP 10.0.15.2
Wingate Local IP 10.0.14.4
Printer #1 IP 10.0.14.252
Printer #2 IP 10.0.14.225
Cisco Router/gateway 10.0.15.254

In Sydney
Main accounts server IP 10.0.0.15
Accounts print server IP 10.0.0.57

I would of thought that opening the printing port 9100 in extended networking would of worked but no, nothing. What I think is the problem is that Wingate doesn't see the 10.0.0.57 IP as internet source being a private range IP? Obviously wingate doesn't pass the ping requests either

To proove that the VPN passes the printing we temporarily put the 10.0.14.225 printer into the DMZ on 10.0.15.225 and it worked fine (as we hoped) which leads us to this request for assistance.

thanx
Ralph

[adrien]

Hi

are you seeing any hits in WinGate's firewall tab?

Regards

Adrien

[macca448]

a bit of an update

I found this post viewtopic.php?f=12&t=39537&p=32510&hilit=remote+printing#p32510
and followed the instructions and it seems to work as much as there was a bit of garbage in the printing which I think its the Aussies not installing the wrong drivers, but in essence it seems to work fine.

My next issue is how do I get the second printer running? They will both use 9100 as a port and so far I've found no way to change that in the device setting?
With the extended network in WG set as a re-direct for port 9100 its limited to 1 printer effectivly?

Any suggestions of how I could deal with it in WinGate?

thanx for the fast reply

Regards
Ralph

[adrien]

Hi

Fundamentally, if you have an IPSEC VPN between the 2 sites, then the computers should be individually addressable?

So the VPN client is running on a computer behind WinGate and connects via WinGate to the Sydney office?

If so, you shouldn't need to use mapped ports for printing. Sydney should just be able to connect to the private IPs on your LAN.

Adrien

[macca448]

that's true for DMZ pc's on the same subnet as the Cisco DSL router which as I understand it is the VPN end point
problem is the printers are behind the wingate firewall so you can't ping or print to them unless I set up a the print driver on the Sydney PC to point to the wingate DMZ IP 10.0.0.2 and then in Wingate do a port 9100 redirect to one of the 2 printers and there lies the question

At the moment we think we have to try and change the port on the printer itself so we can set up a second redirect

thanx

[adrien]

depending on setup, WinGate could route to those other machines rather than port forward.

But another port should also do the trick.

[macca448]

Thanx for your patience Adrien,

Are you able to explain the "ROUTE" set-up for me. It would be preferred as changing the port on the device isn't that simple a task.

My original attempt was to open the port in extended networking like so

Port 9100 Allow.JPG (75.93 KiB) Viewed 5372 times

But that didn't work so as previously stated I found something similar in the forum and used the re-direct setting instead like so

Port 9100 redir.JPG (50.58 KiB) Viewed 5372 times

Again, thanx for your assistance with this.
Regards
Ralph

[adrien]

Hi

in order for WinGate to do this by routing, the clients using the printers need to know / use the actual printers IPs. Currently I presume they are configured to connect to the IP of the WinGate computer.

That means the subnet that the printers reside on, must be known across the VPN. This then comes down to publishing routes, setting routes (or default gateway) on computers on the remote network.

The local VPN gateway also needs to know about this subnet and know to pass packets for it to WinGate.

After that, if the packets are received by WinGate on an internal adapter, going to another internal adapter, they will be routed rather than address-translated.

Regards

Adrien