MikroTik

plucchetti

Solved!

Thanks a lot guys.

Pablo

plucchetti

Hello Changeip, here is a part of my routing table, as you can see static route is already active. 36 Db 175.0.0.0/8 unreachable 192.0.2.1 20 37 Db 176.0.0.0/8 unreachable 192.0.2.1 20 38 Db 177.0.0.0/8 unreachable 192.0.2.1 20 39 Db 179.0.0.0/8 unreachable 192.0.2.1 20 40 Db 180.0.0.0/8 unreachable...

plucchetti

Next hop is 192.0.2.1, these route was created on MT as blackhole interface like null interface in Cisco. Here's the export of BGP: /routing bgp instance set default as=65503 client-to-client-reflection=yes comment="" disabled=no ignore-as-path-len=no name=default out-filter="" r...

plucchetti

Doesn't work changing static route scope lower than BGP Target Scope

Any ideas?

Thanks!

Pablo

plucchetti

Changeip: next-hop from v3.x was removed, that's work fine in 2.9.51
Medianet: I mean Unreachable and I using target-scope=40 in both routers

plucchetti

I have a BGP session with Team Cymru on a Cisco router and I want to redistribute this bogons from this router to another Mikrotik Routers. I configured the BGP session on the first MT and all works fine but in the second MT router the bogon prefixes are in invalid state, same configuration, same Ro...

plucchetti

Hi, I've a RouterOS 3.10 running on a USB. This router has a pppoe concentrator and pppoe-server interfaces for each client to set bandwidth control and QoS. All seems work fine but in a random time, mangle stops working and bandwidth rate goes up. If I add "." (dot) at the end to the pack...

plucchetti

That's works fine, the default route was advertised, but need to filter to other peers, putting on a rule at the end with discard action not working properly. Any help?

plucchetti

Ok,
I'll try with 0.0.0.0/0 prefix lenght=32

Thank you man!

plucchetti

Thanks for your informartion, but is another way to do?

plucchetti

Hi all,

How I can advertise a default route, like Cisco "default-originate" command? I'm using 2.9.51 version.

Thanks,

P

plucchetti

You must create a different policy for each network that you wish to connect, this policies are already created?
One more thing, this scenario in working under NAT?

Pablo

plucchetti

I recommend to use OpenDNS it's very useful.

Regards,
Pablo

plucchetti

This solution works fine without NAT because in NAT schema netwatch can't ping with source address, right?

Pablo

plucchetti

Missing policy to encrypt traffic through IPSEC Concentrator from 192.168.40.0/24 to 192.168.30.0/24 network.

Thanks

plucchetti

No way Andrew...
Can't ping from between networks 192.168.30.xxx, 192.168.40.xxx, 192.168.20.xxx or 192.168.21.xxx when the tunnel is up.\
Here is the networks schema.
Another idea?

Thanks for you help.
Pablo

plucchetti

Andrew, I have these rules on firewall/nat add action=accept chain=srcnat comment="" disabled=no dst-address=192.168.10.0/24 src-address=192.168.40.0/24 add action=accept chain=srcnat comment="" disabled=no dst-address=192.168.30.0/24 src-address=192.168.40.0/24 add action=masque...

plucchetti

Are you excluding the IPSEC Lan to Lan traffic from NAT? I have all networks in firewall, for example: chain=srcnat action=accept src-address=192.168.20.0/24 Are the routing tables correct? I think it's ok because I can reach remote routed LAN from IPSEC Concentrator. I need to add something on rem...

plucchetti

Hi, I have an IPSEC concentrator working with remote LANs, all works fine but when I trying to reach from remote connection to another LAN outside the IPSEC Scheme (just routed LAN) can't obtain ping response. All networks are in mangle rules before masquerade, because all routers are working with N...

plucchetti

Both keys are the same, I don't know what's in wrong.

Regards,
Pablo

plucchetti

You mean ipsec authentication, right?

plucchetti

Sorry double post.

plucchetti

Configuration of both routers On Mikrotik /interface ipip add comment="" disabled=no local-address=10.118.1.2 mtu=1480 name="Tunel1" remote-address=10.118.1.1 /interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""...

plucchetti

Hi, I'm triying to set up vpn tunnel between Cisco 800 Series and Mikrotik 3.0rc10 following this Howto: http://wiki.mikrotik.com/wiki/IPSec_VPN_with_Dynamic_Routing_/_Mikrotik_and_Cisco but they can't connect. I log to Winbox and try to ping to remote wan ip address and I receive this error message...

plucchetti

Try adjusting the BGP peer TTL to better reflect the number of hops. MikroTk support suggested this and it worked for us recently.

Best,

Brad

I have same problem and I did change TTL, now working Ok.
Thaks!

plucchetti

Hello, I've a MT as IPSEC VPN Server and CPEs are 3Com 3CR858, when tunnel is established the log shows a lot of ipsec warning messages: 17:50:50 ipsec,warning decrypted packed did not match policy 17:50:51 ipsec,warning decrypted packed did not match policy (2 events) And after 10 minutes the tunne...

plucchetti

Thanks for your reply, but what happe when ip address is dynamic?

Pablo

plucchetti

Can I mangle incoming and outgoing packets or flow when clients authenticate via pppoe?
I'm a little confused with this because pppoe interface is dynamic.

Thanks in advance

plucchetti

Ok, but I'm trying to use queue tree.

Regards,
Pablo

plucchetti

How I can mangle upload and download traffic on a pppoe interface with dinamic ip address?

Any help will be appreciated
Thanks,
Pablo

plucchetti

Hello,

I've got a MT server working with nat and routed public ips, when i was traying to see all tcp connections the server shutdown unexpectedly, after reboot the nat stops working.
I didn't change any configuration, but i can't find where is the problem.
Somebody help me?

Thanks,
Pablo

plucchetti

Thanks a lot man. I read the documentation, but i didn't understand how to apply; This is my scenario Mangle rules src-address=192.168.5.1/32 in-interface=Local action=passthrough mark-flow=basic-up mark-connection=basic-up in-interface=!Local connection=basic-up action=acceptmark-flow=basic-down Qu...

plucchetti

Hi,
I made three profiles with pcq for different rates limit (128, 256 and 512), but i want to ensure a minimum rate for download for each, for example:

128k profile
min: 32k max: 128

256 profile
min: 65k max: 256

512 profile
min: 128 max: 512

Thanks in advance.

Pablo

Search found 33 matches

Re: BGP Prefixes Problem

Re: BGP Prefixes Problem

Re: BGP Prefixes Problem

Re: BGP Prefixes Problem

Re: BGP Prefixes Problem

BGP Prefixes Problem

Strange problem with mangle 3.10

Re: BGP Default Route

Re: BGP Default Route

Re: BGP Default Route

BGP Default Route

Re: VPN agains Cisco 3000

Re: I need a blacklist...

Re: How to clean out Unreplied IPSEC connections

Re: Help with IPSEC - SOLVED

Re: Help with IPSEC

Re: Help with IPSEC

Re: Help with IPSEC

Help with IPSEC

Re: IPSec VPN with Dynamic Routing / Mikrotik and Cisco

Re: IPSec VPN with Dynamic Routing / Mikrotik and Cisco

Re: IPSec VPN with Dynamic Routing / Mikrotik and Cisco

Re: IPSec VPN with Dynamic Routing / Mikrotik and Cisco

IPSec VPN with Dynamic Routing / Mikrotik and Cisco

Re: bgp multihop error " no route to host "

Ipsec messages

PPoE Mangle

Pppoe mangle question

Nat not working after reboot

Pcq question