AnyConnect vpn and a tunnel vpn Firewall even outside of the interface.

Similar Questions

• Backup Tunnel VPN Firewall even

  I have 2 VPN tunnels on the same worm 6.3 pix firewall (5) tunnels goes to the remote site. On the remote site, there are 2 internet circuits has a primary and a secondary. The primary circuit goes to one tunnel on my firewall and secondary goes to another tunnel on my firewall that only appears when the primary circuit breaks down.

  We notice that when the primary circuit falls backup on the pix firewall tunnel is up but the traffic stops flowing after a few minutes and I need to erase the crypto isakmp before traffic starts to flow again.

  Am I missing something with my setups when VPN is similar to this type of installation?

  You must configure the tunnel dpd so that once the main tunnel breaks down the PIX must erase the SA for this tunnel.

  now based on the code that you have 6.3 (5), keepalive feature is not available

  http://www.Cisco.com/en/us/docs/security/PIX/pix63/command/reference/c.html#wp1034654

  Thank you

  -Syed

• AnyConnect VPN is not access to the ASA

  Hello

  I have an ASA 5512 - x configured as a hub AnyConnect VPN, but when I connect I can not access the firewall... I can ping the address 10.4.11.2 but I can not connect... No idea what to do? It's the running configuration:

  : Saved

  :

  ASA 1.0000 Version 2

  !

  asa-oi hostname

  domain xx.xx.xx.xx

  activate 7Hb0WWuK1NRtRaEy encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  1.1.1.1 DefaultGW-outside name description default gateway outside

  name 10.4.11.1 description DefaultGW - Default Gateway inside Inside

  !

  interface GigabitEthernet0/0

  nameif inside

  security-level 100

  IP 10.4.11.2 255.255.255.0

  !

  interface GigabitEthernet0/5

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/5.2000

  VLAN 2000

  nameif outside

  security-level 0

  IP 1.1.1.2 255.255.255.252

  !

  interface Management0/0

  Shutdown

  No nameif

  no level of security

  no ip address

  management only

  !

  boot system Disk0: / asa861-2-smp - k8.bin

  passive FTP mode

  clock timezone BRST-3

  clock summer-time recurring BRDT 2 Sun Oct 0:00 Sun Feb 3 0:00

  DNS lookup field inside

  DNS domain-lookup outside

  DNS server-group DefaultDNS

  1.1.1.1 server name

  1.1.1.2 server name

  domain xx.xx.xx.xx

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  network of the PoolAnyConnect object

  subnet 10.6.4.0 255.255.252.0

  access extensive list permits all ip a outside_in

  list of access by standard tunnel allowed 10.0.0.0 255.0.0.0

  pager lines 24

  Enable logging

  timestamp of the record

  exploitation forest-size of the buffer 1048576

  logging buffered information

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  mask 10.6.4.1 - 10.6.7.254 255.255.252.0 IP local pool PoolAnyConnect

  ICMP unreachable rate-limit 1 burst-size 1

  ICMP allow any inside

  ICMP allow all outside

  ASDM image disk0: / asdm - 66114.bin

  enable ASDM history

  ARP timeout 14400

  NAT (inside, outside) static source any any static destination PoolAnyConnect PoolAnyConnect non-proxy-arp-search to itinerary

  NAT (exterior, Interior) static source PoolAnyConnect PoolAnyConnect non-proxy-arp-search to itinerary

  Access-group outside_in in external interface

  Route outside 0.0.0.0 0.0.0.0 DefaultGW-outdoor 1

  Route inside 10.0.0.0 255.0.0.0 DefaultGW-Inside 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  AAA-Server LDAP protocol ldap

  AAA-server host 3.3.3.3 LDAP (inside)

  Timeout 5

  LDAP-base-dn o = xx

  LDAP-scope subtree

  LDAP-naming-attribute sAMAccountName

  novell server type

  identity of the user by default-domain LOCAL

  the ssh LOCAL console AAA authentication

  AAA authentication enable LOCAL console

  AAA authentication http LOCAL console

  Enable http server

  http 0.0.0.0 0.0.0.0 inside

  http 2.2.2.2 255.255.255.240 outside

  Telnet timeout 5

  SSH 0.0.0.0 0.0.0.0 inside

  SSH 2.2.2.2 255.255.255.240 outside

  SSH timeout 10

  Console timeout 10

  management-access inside

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  SSL cipher aes128-sha1 aes256-3des-sha1 sha1

  WebVPN

  allow outside

  AnyConnect essentials

  AnyConnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1

  AnyConnect enable

  tunnel-group-list activate

  internal GrpPolicyAnyConnect group strategy

  attributes of Group Policy GrpPolicyAnyConnect

  value of server DNS 1.1.1.1 1.1.1.2

  VPN - 1000 simultaneous connections

  client ssl-VPN-tunnel-Protocol

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list value in tunnel

  field default value xx.xx.xx.xx

  admin Dp4l7Cmqr7SMHl.l encrypted privilege 15 password username

  tunnel-group AnyConnect type remote access

  tunnel-group AnyConnect General attributes

  address pool PoolAnyConnect

  LDAP authentication group-server

  Group Policy - by default-GrpPolicyAnyConnect

  tunnel-group AnyConnect webvpn-attributes

  enable AnyConnect group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  inspect the ctiqbe

  inspect the http

  inspect the dcerpc

  inspect the dns

  inspect the icmp

  inspect the icmp error

  inspect the they

  inspect the amp-ipsec

  inspect the mgcp

  inspect the pptp

  inspect the snmp

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:9399e42e238b5824eebaa115c93ad924

  : end

  BTW, I changed the NAT configuration many attempts the problem, this is the current...

  YPU need to allow your client VPN address pool (10.6.4.1 mask - 10.6.7.254 255.255.252.0) ssh and http from 'outside' access, which is where they come from. Add them to the:

  http 0.0.0.0 0.0.0.0 inside

  http 2.2.2.2 255.255.255.240 outside

  SSH 0.0.0.0 0.0.0.0 inside

  SSH 2.2.2.2 255.255.255.240 outside

• Tunnel VPN Firewall (both sides of the Site B, same IP series)

  Hi Experts,

  I'm in a weird situation, hope I can get an answer from you guys.

  I had created VPN tunnel to our customer on our firewall 3 years.

  Now we create the VPN tunnel for new customer, but the IP settings to the new customer is the same as the former client. How can we get through this that we can not change the IP settings on both clients.

  Here are the technical details

  Older Client settings:

  (1) our authorized Local LAN IP: 192.168.3.0/24

  (2) customer Local LAN IP authorized: 10.0.0.0/8 (as several range of network to the client end)

  New customer to make settings:

  (1) our authorized Local LAN IP: 192.168.3.0/24

  (2) authorized customer Local LAN IP: 10.10.16.0/24

  10.10.32.0/24

  Please help as well how we can make the settings without making any changes on the client side.

  I am using firewall Watchguard XTM 515

  Thank you best regards &,.

  Mandeep

  This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
  *
  http://social.technet.Microsoft.com/forums/en-us/home s/fr-U.S./Accueil
  http://social.msdn.Microsoft.com/Forum

• Get and Put functions are grayed out, outside, in the window, in that I work.

  The appearance (and work) in the management of files very well. But if I'm going to the menu in the drop-down menu, I get this:

  

  The button Get / Put in the toolbar, I get this:

  

  The shortcut should still work.

  Try to clear the cache of the program and see if it brings back: removing a corrupt cache file

  If not, you may need to restore preferences: preferences restore | Dreamweaver CS4, CS5, CS6, CS5.5

  Worst case, a total reinstall using the vacuum tool would give you a new installation of 100%: use of the cleaning tool CC to resolve installation problems. CC, CS3 - CS6

• Cisco Anyconnect VPN and IPSEC coexist on ASA 5520?

  Can a Cisco ASA 5520 which has been configured as IPSEC VPN gateway and also be configured as a gateway ANYCONNECT VPN and vpn IPSEC service anyconnect vpn clients clients maintenance at the same time? Any negative impact on the performance or any other problem that everyone knows?

  I guess that by 2 connection limit, you are referring to the 2 licenses for anyconnect?  You should consider using the anyconnect essentials license, which is relatively cheap (100-200 dollars I think) and will take you to the edge of the platform with anyocnnect.

  You shouldn't have any problem using IPSEC with LDAP client.  It is quite common - my company is IPSEC as Anyconnect off the coast of the same interface using authentication ldap (even same-group policy) for the two.

  -Jason

• Quality of VoIP BOUNCING over AnyConnect VPN problems

  Hello:

  I'm in the middle of the conversion of our environment of VPN for remote access of the former client VPN Cisco AnyConnect (ver. 3.1.01065) VPN's IPSec. I have a number of beta-testers on the new AnyConnect VPN environment, and we have quality problems of intermittent VoIP (IP Communicator 8.5.3 on remote laptops) with the HQ VPN. While I realize that we miss the calls over the Internet, which is a network of 'better' and can not control the Inernet QoS, the special thing is the VoIP call on the former that ipsec VPN seems to work very well 99% of the time.

  I did a series of G.729 calls on the old client IPSec and customer AC, with the same laptop, using the same remote access connection. The "VPN server" for the IPSec VPN is an ASA5520 (8.0 (4)), on a connection of 100 Mbps with plenty of reserve, which runs also firewall services for an office of about 500 people and a small DMZ environment. The VPN server that is handling AnyConnect VPN is a new ASA5515-X (8.6 (1) 2), using the same channel of 100 Mbit/s Internet and running VPN services only. When you call running of tests on the old IPSec VPN, the jitter of appeal is pretty consistent, where jitter ave runs about 10 ms and jitter peak running 30-40ms. On the client ACTS, so that 'good' calls run about the same jitter as the old VPN, called the 'bad' (drops intermittent speaker, sometimes sounds 'mechanized'), which produce about 1 of evey 5 calls, run jitter ave to about 120-150ms and jitter of tip of 300-400 m for info, I don't see no packet loss to talk, just call jitter is through the roof. While in most cases, this could be written off as a "bad Internet connection", on the pretty old VPN tests prove a lot is not the issue.

  That said, anyone has an idea why the quality of calls is sometimes wrong via the AnyConnect VPN? Is there pest practices that I can work from, or any settings you can recommend? Thank you.

  Well, there are several things in our implementation that could help if possible, although I think you can open the case of the TAC, we saw some strange behaviors.

  Things to enable the audit side ASA/SSL:

  -DTLS - check if it is enabled and WORK (see the det filter name NAME_HERE anyconnect vpn-sessiondb)

  see if the packets are tunneled by the DTLS Protocol not TLS. The datagram transport is much better suited for performance.

  -Compression - so we see a lot of deployments with it enabled us say this as much as we can. Compression is for links to bandwidth low latency. In the modern internet, it should be used with caution.

  -check the ASP drop table on ASA (fall of claire asp, run the "show asp drop' rest and during the period of low performance monitor.)

  -additional recording "class... ssl connection. "can give you greater participation.

  -See the proto ssl_np - good starting point count

  the list goes on and.

  What is important to understand, is that the problem is with the traffic on the wire or from the use of SSL.

  Sniffer traces are essential.

  M.

• AnyConnect VPN configuration

  Hello

  I have ASA 5505 firewall (9.04), and I have 5 static public IP addresses that are forwarded to me by ISP. One of these addresses are used for the external interface in ASA. ATM AnyConnect VPN client to connect to the public IP address that is assigned to the external interface of the ASA. I want to change that while I've separated public IP dedicated for VPN connections. How can I do this? I thought I could just add 'Alias IP' to my external interface, but it doesn't seem to be possible with the ASA. How can I configure ASA to accept the different public IP address VPN connections?

  VPNS are always end the public interface ASAs. And the ASA has nothing as secondary IP addresses. The only option you have is that you use IP ASA for any NAT operation and ensure in this way that this IP is available.

• Cisco AnyConnect VPN 2.5/3.1 Question

  Hello

  If we run AnyConnect version 2.5 on our firewall, users who installed the 3.1 client will be able to VPN in without having to download version 2.5?

  Thank you!

  Yes. Routers and firewalls will upgrade (default) AnyConnect clients when they connect, but won't downgrade a newer client. I ' have a number of routers AnyConnect 2.5 configured which can not be upgraded due to storage constraints and 3.1 connect to them without difficulty.

• The ID attribute of the station call needs for Anyconnect VPN client MAC address

  Hi all

  We test tring Anyconnect VPN users to connect using the certificate. ASA East of validation / authentication user based on cert and approval it requires Radius server (ISE). Currently ASA sends the Ip address of the VPN client in «calling station ID» We want ASA to send the Anyconnect VPN client MAC address to the radius server in RADIUS attribute «calling station ID»  Is it possible to do this. Get around them?

  Parag salvation,

  The calling Station ID always contains the IP if Anyconnect VPN.

  L3 is originally unlike wireless which has L2 Assoc.

  Currently no work around.

  Respect of

  Ed

• Anyconnect VPN problem

  Hello friends!

  I ve been trying to configure the anyconnect VPN, but I cannot generate the CA, probably I m doing wrong sothing.

  To be honest, I Don t know if the problem int this VPN is only what is missing, but is the only thing that I've seen what can be a problem.

  Someone knows how to generate the CA in the ASA?

  Hi Marcio,

  Please follow this link:

  https://supportforums.Cisco.com/document/12597006/how-configure-ASA-CA-s...

  Do you want authentication certificate based for Anyconnect users?

  I'm not sure we really need a CA in this case.

  You can try to check this third party link to configure the Anyconnect on SAA basic settings:

  http://www.petenetlive.com/kb/article/0000943

  Kind regards

  Aditya

  Please evaluate the useful messages.

• Unable to VPN outside to the

  I just walked in this job to halfway through a passage of a software firewall to the cisco box. The config on this thing is crazy. I need help!

  I need a VPN client from outside to the inside, so the IT Department. can access the network hardware. Next, we'll add a few static VPN for other devices...

  In any case, I've tried everything even the wizard on a dev box to figure out what is preventing me from access to the network. I can establish a tunnel but can not get anywhere.

  I've included the entire config because she is poor and the problem can come from anywhere.

  Thanks for any help.

  Hello.

  It seems that you have not NOT nat the

  VPN traffic to the intended internal networks.

  I would add

  10.125.1.0 IP Access-list extended nat0 255.255.255.0 allow 10.0.0.0 255.0.0.0

  Of course you can adapt this more appropriate for internal networks, that you want to access.

  You should also link ip pool to your group policy.

  See how it goes...

  Tim

• Dynamic L2L Tunnel - the Tunnel is up, will not pass the LAN traffic

  Hello everyone. I am repurposing an ASA for my business at a remote site and must use a dynamic Configuration of L2L with Split tunneling active. We used these in the past and they work a lot, and I've referenced Cisco official documentation for the implementation. Currently, I am having a problem where I am unable to pass traffic on the local remote network over the VPN tunnel (it does even not raise the tunnel of form). However, if I run the following command in the ASA remote:

  Ping inside the 192.168.9.1

  I receive the ICMP responses. In addition, this traffic causes the VPN Tunnel to be created as indicated by show ISA SA:

  1 peer IKE: xx.xx.xx.xx

  Type: L2L role: initiator

  Generate a new key: no State: MM_ACTIVE

  Here is the IP addressing scheme:

  Network remotely (with the ASA problem): 192.168.12.0/24

  Basic network (Hub): 192.168.9.0/24

  Other rays: 192.168.0.0/16

  Config:

  ASA Version 8.2 (1)
  !
  hostname xxxxxxxxx
  domain xxxxxxxxxxx.local
  activate the xxxxxxxx password
  passwd xxxxxxxxx
  names of
  !
  interface Vlan1
  nameif inside
  security-level 100
  192.168.12.1 IP address 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  IP address dhcp setroute
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  passive FTP mode
  clock timezone CST - 6
  clock to summer time recurring CDT
  DNS server-group DefaultDNS
  domain xxxxxxxx.local
  permit same-security-traffic intra-interface
  to_hq to access extended list ip 192.168.12.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
  inside_nat0_outbound to access extended list ip 192.168.12.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
  pager lines 24
  Within 1500 MTU
  Outside 1500 MTU
  ICMP unreachable rate-limit 1 burst-size 1
  don't allow no asdm history
  ARP timeout 14400
  Global 1 interface (outside)
  NAT (inside) 1 0.0.0.0 0.0.0.0
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  Enable http server
  http 192.168.0.0 255.255.0.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  card crypto outside_map 10 correspondence address to_hq
  crypto outside_map 10 card game CORE peers. ASA. WAN. INTELLECTUAL PROPERTY
  outside_map crypto 10 card value transform-set ESP-3DES-SHA
  outside_map interface card crypto outside
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 65535
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  Telnet 192.168.0.0 255.255.0.0 inside
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  management-access inside
  dhcpd 192.168.9.2 dns 208.67.222.222
  !
  dhcpd address 192.168.12.101 - 192.168.12.131 inside
  rental contract interface 86400 dhcpd inside
  dhcpd xxxxxxxxx.local area inside interface
  dhcpd ip interface 192.168.9.50 option 66 inside
  dhcpd allow inside
  !

  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  tunnel-group basis. ASA. WAN. Type of IP ipsec-l2l
  tunnel-group basis. ASA. WAN. IPSec-attributes of intellectual property
  pre-shared key xxxxxxxxxxxx
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the netbios
  inspect the rsh
  inspect the rtsp
  inspect the skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect the tftp
  inspect the sip
  inspect xdmcp
  inspect the icmp
  !
  global service-policy global_policy
  context of prompt hostname

  Once the tunnel is in place, LAN to the Remote Site traffic won't pass through the VPN Tunnel any upward. On the side of ASA Core, I was able to Telnet in the ASA distance very well, but could not ping the Remote Access Point.

  Someone at - it a glimpse of my problem?

  Hello

  Add:

  NAT (inside) 0-list of access inside_nat0_outbound

• BlackBerry Smartphones location of saved Text messages and downloads please as a desire to update the device software

  I have a Blackberry 9300. I noticed while testing option 'restore' in Blackberry Desktop Software 'Saved messages' is grey so not able to restore and downloaded programs were not included in the backup course so I'm delaying the update of the OS 6 bundle OS 6 bundle 1879 2949 until I can get these issues resolved. First of all, where are my saved text messages would be they located on the SD card? Secondly, where are the downloaded applications and how would bring him back, I should reinstall individually or is there a better method I guess updating the software of the device would eliminate any reference to them? Thanks in advance, Marcia

  willismc wrote:
  My problem, I think that will be most of the downloads and installations have been from the Blackberry web, although "My World" lists apps, I have only the option to remove and reinstall yet if I so choose. That's why I need to dig a little deeper on the aspect of the place here.

  To reinstall your applications, see this KB:

  • KB17625 How to install or transfer has already purchased apps from BlackBerry App World for BlackBerry smartphone

  You may also need to clear the cache of application AppWorld:

  1. open the App World

  2. go to my world

  3. follow one (and only one!) of these steps:

  3. for the BB keyboard-oriented - hold down the ALT key and press on, in the sequence R, then S, then T

  3B. for touch screen only BBs - hold the num-lock (! 123 button) so that it hangs and then press on, in the sequence 3, then 4, then)

  3 c for the most recent (e, g., OS6 and 7) BB s, see this KB:

  • KB24714 How to clear the cache of BlackBerry App World

  4 AppWorld must close

  5. If your BB locks after issuing clear cache, do a battery pull reboot

  6. return to AppWorld/MyWorld (it can be slow, while it re - sync).

  If (4) stage arrives not as described, then the empty the cache failed.

  willismc wrote:
  I was also interested to read your information on the primary database of smartphone that made me wonder if it was at this location that the saved text messages were built. I mention this as I save some of my text messages I can consult at any time by selecting 'View the Messages stored' in the menu messages text, which lists the emails and text messages, that you saved.

  The Interface of Messages is against the databases on the BB... Watch a saved messages can be as simple as a filter that is applied to display only those, but always from the same database. Also understand that the 'Messages' is a term Super set, with "email", "SMS", and other types of messages into subsets.

  willismc wrote:
  Saving messages electronic elsewhere are not a problem but saved SMS backup does not seem to be an option, why would I need to check this feature before upgrading the device software. Appreciate your answer to that one.

  As I said, I suspect saved SMS Messages to be a subset of the base of great set 'SMS Messages"together with the message 'saved' being a subset within this database.

  I can't answer definitively for you because I've never had the problem you are experiencing. You may need to test to know for sure.

  Good luck!

• AnyConnect VPN and HP Office Jet Pro 8500 A910

  I can print from my laptop IBM T400 running Windows 7 64 bit. However, when I log in work AnyConnect VPN, I can't print. He says that the printer is disconnected from the network, even if it is connected. IT support at work said he can't change or adjust the VPN settings. The only way I can print is to disconnect from the VPN. Is this what I can adjust on the software of the printer or the printer itself?

  Hello

  To be able to print on the local network when you are connected to a network remote VPN might be possible by changing the VPN split tunneling configuration.

  However, it is depands on the VPN features and cannot be authorized because of the security requirements of your IT Department.

  Anyway, there is no way to configure such a thing by the printer or the printer software... It is directly affected by the configuration of the network and therefore require to modify VPN settings.

  Kind regards

  Shlomi