MikroTik

fpascual

Hi, I need to limit eMule traffic but only in a certain period of the day (9am to 18pm), how can I do that with version 2.9.27 ?. Thanks in advance.

fpascual

Please, someone can help me ?. Thanks in advance.

fpascual

I forgot put my nat rules, sorry: 0 ;;; Nat de la Lan chain=srcnat out-interface=externa src-address=192.168.1.0/24 action=masquerade 1 ;;; Permito eMule Pto TCP 7415 chain=dstnat in-interface=externa protocol=tcp dst-port=7415 action=dst-nat to-addresses=192.168.1.2 to-ports=7415 2 ;;; Permito eMul...

fpascual

I can´t connect from my LAN to FTP or RDP outside services. This is my schema: INTERNET -> CABLEMODEM -> MIKROTIK -> LINKSYS AP MODE -> LAN PC These are my firewall filter forward rules: 0 ;;; Permito Terminal Server solo desde el Trabajo - IMPSAT chain=forward src-address=200.X.X.X dst-address=192....

fpascual

I receive a distributed DoS/DDoS UDP attack to a DNS Service, how can I detect and filter dinamically ?. I supposed from /ip firewall filter with "limit", but I can´t do it.

Thanks a Lot

fpascual

Hi, I have 5 BGP peers and need to control some traffic by manually form.
I controlled upstream traffic via mangle rules and static routes, but, how can I configured some kind of downstream traffic to receive them for a particular bgp peer ?.

Thanks

fpascual

Sorry, and what´s about Vlans graphs ?.

Thanks

fpascual

Excellent sergejs, thanks a lot !.

fpascual

Hi, I´m using /tool graphing and can´t understand how I must read the graphs.

Interfaces Traffic Graphs and Queue Graphs, In both cases, wich is the traffic that go from mi LAN to Internet and vice versa ?.

Thanks a lot.

fpascual

srv1990@fibertel.com.ar

fpascual

Fijate esto: /ip firewall filter ;;; Permito FTP chain=forward dst-address=192.168.1.2 protocol=tcp dst-port=21 action=accept /ip firewall nat ;;; Permite FTP chain=dstnat protocol=tcp dst-port=21 action=dst-nat to-addresses=192.168.1.2 to-ports=21 Tenes que habilitarlo en el forward tambien. En las...

fpascual

No tenes dst-nat para la Wan 2 tambien ?.
Otra cosa, las reglas de forward estan correctas ?

fpascual

Hola Alberto, para hacer port forwarding (lo que vos queres hacer) se utiliza dstnat. Fijate, tengo una PC con un FTP y quiero que desde Internet ingresen al puerto: ;;; Permite FTP chain=dstnat protocol=tcp dst-port=21 action=dst-nat to-addresses=192.168.1.2 to-ports=21 Con respecto al gre, fijate,...

fpascual

I have a friend with ddns, how can I make a firewall rule or vpn connection if I have only the hostname ?

Thanks a lot.

fpascual

Oh, ok, yes, in this moment I use mangle to tag the packets and then statics routes to route him. I think that can make this job with BGP too.

fpascual

No Tom, I´m not talking about mangle with BGP, just need to route some upstream traffic depending on the source addresses. I mean: IF my router receive a packet with XXXX source address range and YYYY destination address, I need to route this packet to Peer N (I decide for wich peer send this packet...

fpascual

Ok Tom, I read your post about BGP. Look, I need route some networks by src-address: add chain=prerouting in-interface=red_acceso src-address=200.X.6.0/24 dst-address-list=bloques_nacionales action=accept comment="200.X.6.0/24 Upstream Nacional" disabled=no add chain=prerouting in-interfac...

fpascual

Ohhh, thanks a lot !.
And then I must to configure 1 line per network in address list, is it correct ?.
Can I make this traffic treatment with BGP directly ?.

fpascual

Another question, I have 5 BGP peers and use mangle to take a control to upstream traffic (balancing 3 international providers), how can I do that with BGP ?

fpascual

Hi, can I put more than one dst-address into a single mangle rule ?, I must to configure tagging to more than 20 networks.

Thanks

fpascual

I need a router with follow interfaces:

2 Channelized E1/PRI ports
4 Serial Network Interfaces
2 Fast Ethernet Interfaces

Can I make this with mikrotik ?

Thanks to all.

fpascual

Yes, before I try with TCP and doesn`t work.
Is correct use "telnet mk_ip port" to activate knocking ???, I think this is my problem.

Thanks to all.

fpascual

No skill ... Take a look of my firewall rules: [admin@mk] ip firewall filter> print input Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Permito SSH desde la LAN chain=input in-interface=interna src-address=192.168.1.0/24 protocol=tcp dst-port=22 action=accept 1 ;;; Permito SSH - Port Knocking ...

fpascual

JJCinAZ, doesn`t work ...

fpascual

Take a look please: 19 ;;; Permito SSH - Port Knocking SSH - Interface Externa chain=input in-interface=externa dst-port=2021 action=add-src-to-address-list address-list=ssh_ok address-list-timeout=15m 20 ;;; Acepto SSH Verificado - Port Knocking chain=input in-interface=externa protocol=tcp dst-por...

fpascual

Yes, but I want to do a port knocking only one port.

UDP port 2021 -> add src to list A
Permit List A for 15 minutes

Then, I must use telnet to this port ?? (like "telnet 192.168.1.1 2021")

In this momento I use port knocking but with http port ....

Thanks !.

fpascual

I must to configure a customer wich 2 internet access. Y need route VPN and VOIP between 1 interface and the rest for the other, wich is the best method ?, ECMP ?. For packet tagging I use ip firewall mangle with this options VPN connection-type=pptp and other one with connection-type=gre Is this co...

fpascual

Finally the problem was the 3COM cards, now use Realtek ..., I can´t understand what´s happend.

Thanks

fpascual

When monitoring links status I saw "link-ok" and then "no-link" (flaps), I supposed that the problem is the 3COM cards, could it be ??, could be the 2.9.41 version ?.

Please help me.

Thanks a lot.

fpascual

I´m using 4 NIC´s 3COM 3c905C-TX/TX-M [Tornado] and connect him directly to peers, the link is OK, what could it be ??.

Thanks

fpascual

Yes, I tried to use /ip firewall filter with a different ports but doesn`t work.
Can you paste me an example please ?.

Thanks a lot.

fpascual

I need to update the PC configuration. i got working right now a PC with 4 NICs. i wanted to upgrade this very old equipment with a new one, with the addition of 1 more NIC. i have tested several motherboards earlier with no success: the biggest problem is to find some MB with 5 PCI slots. when find...

fpascual

Janisk, I didn´t change the ttl, I´m going to try this tomorrow, what value must have ?. Remember that my production router have the ttl=1 and is a copy of them.

fpascual

Danail, no: 200.XX.17.151 is my production router that work OK 200.XX.17.1 is the router of my provider (PEER1) I´m trying to change a hardware for a new one and copy the configuration of the production router to this new one (and with which have the problem). Do you understand me ?. Yes, I supposed...

fpascual

Danail, I can´t reach 200.xx.17.1 with ping. Look the routing table: # DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE 828 ADC 200.XX.17.0/24 200.XX.17.151 0 Peer1 829 Db 200.xX.17.0/24 r 200.XX.25.49 30 Peer2 And this is the routing table of my production router (it work fine): # DST-ADDRESS PREF...

fpascual

07:22:57 route,bgp,info Failed to open TCP connection: No route to host 07:22:57 route,bgp,info RemoteAddr=200.xx.17.1 07:22:57 route,bgp,info RemotePort=179 07:23:17 route,bgp,debug,timer ConnectRetryTimer expired 07:23:17 route,bgp,debug,timer RemoteAddr=200.xx.17.1 07:23:17 route,bgp,debug Connec...

fpascual

Yes Sam, in the other router (which are working now !) have the same configuration (with ttl=1).

fpascual

I configured a new hardware with RouterOS 2.9.41 and the same configuration that the other MK that works fine. With the original router all works great, it have RouterOS 2.9.30. When connect the new hardware with the same configuration, 4 of 6 bgp peer doesn´t established the connection: Example: na...

fpascual

Where can I define other ports than /ip service ?, I`m trying to configure port knocking in port 48220 but can`t define them.

Thanks.

fpascual

Ok, thanks a lot !

fpascual

Ok, if I put 2.9.39 if the same ?, I have this version installed in a backup router.

Thanks

fpascual

Ok, thanks !

fpascual · Ok, do you recommend me to wait or put 2.9.38 ?

Ok, do you recommend me to wait or put 2.9.38 ?

fpascual

Ok Sam, thanks a lot, do you consider that my filter is correctly configured ?.
What about 2.9.40 version ?, have any BGP change with respect 2.9.38 ?

fpascual

Thanks Sam !, what I must do to upgrade only routing-test package ?

fpascual · 2.9.30 Sam

2.9.30 Sam

fpascual

fpascual

Ok, I have the following problem: Example: I have ISP1, and need to: Discard AS 26XX Discard 200.X.5.0/24 and 200.X.31.0/24 networks Accept 200.X.0.0/19 and 200.X.80.0/20 networks Deny any any And when apply this filter doesn´t work: add chain=filter-ISP1-out bgp-as-path=26XX invert-match=no action=...

fpascual

I´m trying to read /routing filter and can´t understand.
I must define my networks to publish in /routing bgp network, and then, what can I do in /routing filter ?.
The question is very basic, I know, but can´t understand.

Thanks a lot

fpascual

Ahhh, ok ok, I understand.

Thanks !!

fpascual

It is possible that a "read only" user have permissions to reboot the mk ??.

Thanks

fpascual

OK, thanks sergejs !.

fpascual

Normis, thanks, I apply packet tagging from /ip firewall mangle and then statics routes with routing-mark in /ip route, thats correct ??.

Thanks

fpascual

I mean, is this the correct method or exist a better way to do the same ?

Thanks

fpascual

Oh, yes Normis, works fine, but I think that exist other method, is´n it ?.

Thanks

fpascual

I have two peers to send international traffic, one by default (A) and the other (B) with /ip firewall mangle rules to mark packets and then put static routing. The idea is change this schema and passtrough the most traffic by the B provider, besides of /ip firewall mangle, wich other method can I u...

fpascual

I think the problem is the mother: Asus P4S8X-X Rev 1.01 Bios Ver 1002 Chipset 648

Someone know if it compatible ?.

Thanks

fpascual

Now I tried to switch cards into different pci slots and when execute /interface ethernet disable "n" and then enable show me this output:

"action failed (6)"

fpascual

When I execute /system resource pci print command only figures 4 cards (not 5) and with the same IRQ=255 ...

fpascual

I´m trying to install a RouterOS v 2.9.39 and doesn´t recognizes my 5 (five) eth cards. I have this setup: Mother Asus P4S8X-X Rev 1.01 Bios Ver 1002 Chipset 648 P 4 2.66 Ghz Processor 5 (five) 3com 905C-TX-M Network Cards Nvidia Gforce 4 MX 4000 1 X 256 DDR 8 Chips AGP Slot Gforce 4 MX 4000 PCI Slo...

fpascual

Voip packets.
With mangle I mark packets for the both ways ? (input and output)

fpascual

Ok ok, and marking the packet matches in connection-type=h323 no ?

Thanks

fpascual

Sorry janisk, I don´t understand.

fpascual

I have a customer with 2 adsl connections. They use normal internet traffic and in addition VPN and VOIP traffic. I want to route VOIP traffic through one of this connections and the rest for the other. I must use /ip firewall mangle feature ?, in this case, i must use "connection-type" op...

fpascual

Hi, can I apply a simple queued to an specific mac address ?, I´m trying to do that but can´t find the option.

Thanks a lot

fpascual

I tested with "telnet my_host 7777" comand from remote windows and doesn't work. Look the rules: 1 ;;; Port Knocking SSH - Interface Externa chain=input in-interface=externa src-address=0.0.0.0/0 protocol=tcp dst-port=7777 action=add-src-to-address-list address-list=ssh_ok address-list-tim...

fpascual

Yes janisk, 887 is an example only.
If i configure port 5555 doesn't work. I make a telnet to my host port 5555 and don't matches with "add-src-to-address-list" action.
Do you understand ?.

Thanks

fpascual

Thanks Gregor, is eBgp, but just work, I forget it reset the bgp session.

Regards

fpascual

I configure port knocking for ssh login but doesn't work at least that use an open port by mikrotik (like 80). Rules: ;;; Port Knocking SSH - Interface Externa chain=input in-interface=externa src-address=0.0.0.0/0 protocol=tcp dst-port=80 action=add-src-to-address-list address-list=ssh_ok address-l...

fpascual

I'm publishing N networks and the last day I aggregate a lot of more. This lasts routes are publishing with different "Next Hop" than the others, what could it be ?, is it configurable ?.

Please help me !.

Sorry for my english.

Thanks a lot.

fpascual

How to clear logs stored on disk ?

fpascual

Exist some way (like address lists) to drop "n" ssh logging attempt via ? (for example, drop an IP address who attempt 3 times with logging failure).

Thanks and happy new year!

fpascual

I'm login in via ssh

fpascual

I have 1 interface that show me the follow:

status: unknown

But, when I make pings outside from mk works fine, the problem is that I can't ping from the lan host to Internet (yes to mk).

What could it be ?

Thanks !

fpascual

I use routeros 2.9.30, is there a way to detect and prevent spam with firewall filters ?

Thanks

fpascual

You should first put those lines into a script, then schedule the script in another command... the scheduler doesn't seem to like full blown scripts.

Glad you are following along : )

Sam

Yes yes, it's a great idea.

Thanks a lot !.

fpascual

Sam, works great !!, thanks a lot !.

Regards.

fpascual

Ok, I understand, the question is, how can I scheduled each ":if" statement and configure in permanent mode ?

fpascual

Sam, the ":if" statements must be configured in /system scheduler path ?.
I put the six ":if" with right configuration but doesn't works, how can I view the sentences ?. Do you understand me ?

Thanks

fpascual

Sam, thanks a lot, but, how can I identify between my 6 bgp peers ?, I must to create 6 bridge interfaces and 6 scripts ?. When I put the script receive an error message ] system scheduler<SAFE> :if ([/routing bgp peer get [/routing bgp peer find name=cymru] state ] = established) do={/int bridge se...

fpascual

Sam, no, don't have options to make ssh.
In a whatsup cisco routers a bgp peer query OID.IP_PEER(oid[dot]ip_peer), can I do that in MK ?
How can I do to make an script for query via snmp ?

fpascual

The OID is .1.3.6.1.2.1.4.24.3.0, but, how can I identify the corresponding peer ?

$snmpwalk -Os -c [community] -v 1 IP_ADDRESS .1.3.6.1.2.1.4.24.3.0

$ip.24.3.0 = Gauge32: 7021

Sound like I receive 7021 routes, but from all the peers.

Thanks

fpascual

Ok, understand, someone knows how to do that on a Whatsup ?

fpascual

Thanks, I need to monitor only if BGP sessions are active, are this oid correct ?.

fpascual

Hi, I need to monitor the BGP state of my mk under a WhatsUp system, what's the oid that need to put into them ?

Thanks a lot.

fpascual

Hi, I wan't to know if exist a command like those in Cisco:

1) sh ip route x.x.x.x
2) sh ...... | include {string}

Thanks a lot.

fpascual

Understood Christian, thanks !

fpascual

You mean, put 0.0.0.0/0 in Permit Networks and then filtering in /ip firewall filter ?, what kind of chain is ?.

Thanks a lot Sergejs

fpascual

How must I do if I want to access the Mikrotik from 2 different networks ?, for example, 192.168.1.50 and other Public network ? (configuring in /service ssh and /user.

Thanks a lot.

fpascual

Sorry, have MK an MRTG server service inside ?

Thanks

fpascual

I use this rule: [admin@] ip firewall mangle<SAFE> print Flags: X - disabled, I - invalid, D - dynamic 0 protocol=tcp tcp-options=syn-only action=passthrough tcp-mss=1452 1 ;;; Permito Messeger src-address=10.0.0.79/32 dst-address=:1863 action=accept mark-connection=CHAT-OK 2 ;;; Marco Paquetes dest...

fpascual

Ok Normis, I'm going to do that.

Thanks a lot

fpascual

Normis, thanks but the watchdog in the other mikrotik is active (with 2.9.17 and more power hardware).
Could it be other thing or only wathdog ?

Thanks a lot.

Regards

fpascual

Hi, I'm trying the 2.9.30 version and in a moment the router reload: 11:39:29 system,error,critical router was rebooted without proper shutdown The same configuration runs in another with 2.9.17 version and works fine. This is the watchdog config in boths: [admin@FW1] system> watchdog print reboot-o...

fpascual

Hi, I'm trying to block msn messenger for PC 192.168.1.25 and doesn't work. This is the rule: /ip firewall rule forward add src-address=192.168.1.25/32 dst-address=0.0.0.0/0 content=gateway.messenger.hotmail.com,login.gateway.hotmail.com,login.live.com,messenger.msn.com,webmessenger.msn,passport.net...

fpascual

Hi, I make the backup but when I replace for the original doesn't work, 2 of my 6 BGP sessions they are in ACTIVE state.
I make a copy line by line and don't forget nothing, what it can be happening ??

Thanks a lot.

fpascual

I have a BGP session between MK and Cisco Router. It's strange because in Cisco the session is OK, but not in MK. Look that: CISCO (200.x.x.9) AS1#sh ip bgp sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 200.x.x.11 4 xxxx 5203 7098 6565 0 0 02:58:49 33 MIKROTIK (200.x.x.11) [...

fpascual

Ok Normis, I understand. I'm making a copy of core router (2.9.17 Version) under production using 2.9.30, but when apply the backup doesn't work fine, then, I want to make a test with the original version to discard this, if work ok with this test it mean that i'm make a mistake copying the original...

fpascual

Sorry, where can I download the old 2.9.17 version ?.
Another question, can I find a specific net into the /ip route ?, I mean, an equivalent to "sh ip route x.x.x.x" in Cisco.

Thanks a lot.

fpascual

Understood, thanks !

fpascual

What do you recommend me ?

fpascual

Eugene, thank you very much !, i'm going to try.

fpascual

Ok, I understand, I need make an export and then change the ethernet mac address ?, only that ?, another change ?. The "backup" have the same number of ethernet cards.

Thanks !

fpascual

Regarding to the last issue, why mikrotik chooses eBGP than iBGP ?, how do I set mikrotik to choose iBGP than eBGP ?, is it possible ?.

Thanks

fpascual

Please, help me. I have MK router with 6 peers. One of them connect me to netwok 200.x.x.0/23 directly (trought a cisco router into my AS). The problem is that the MK router show me that: # DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE 1319 Db 200.x.x.0/23 r CISCO_MY_AS 200 red_acceso 1320 ADb 20...

fpascual

How can I do to copy identical configuration from one router to another with different hardware ?.

Thanks

fpascual

Oh, ok, thanks a lot Eugene.

fpascual

Sorry, in routeros, where can I found prepending, route maps and other issues like cisco routers ?

Thanks a lot.

fpascual

I upgraded my system from 2.9.27 to 2.9.30 and when reboot the machine it halts or freezes in "Loading System E" messages, what could it be ??

Thanks

fpascual

Eugene, if I upgrade not need to do some changes to work ?, I mean, just upgrade only ?

Thanks !

fpascual

I read about bgp bugs in my MK version (2.9.17), what's happend if I upgrade to new 2.9.30 ?, are this version stable ?, the configuration of 2.9.17 is the same in 2.9.30 or I'm going to make changes in my configuration file ?.

Thanks

fpascual

Thanks, I'm going to apply a filter like this: add chain=test-nap as-path=**** action=discard add chain=test-nap as-path=**** action=discard add chain=test-nap as-path=**** action=discard add chain=test-nap prefix=200.X.X.0/26 prefix-length=26 action=discard add chain=test-nap prefix=200.X.X.128/27 ...

fpascual

janisk, I read this article, but can't understand what I must to do ...
I have some prefixes in /routing filter, but I don't know how filter the default route (0.0.0.0).
Can someone give me an example to filter some prefixes and the default too ?

Thanks a lot

fpascual

Hi, I need help. I have mikrotik with version 2.9.17 packages. I don't know why but I'm announcing all my networks (including the default route, the main problem !) to all my providers (6). If I disable redistributed-static in /routing bgp instance I lost my connection with local NAP in my country. ...

fpascual

Then, I must set up a "limit-at=2000000/2000000" to correcto function ?

Thanks Sergejs.

fpascual

Sergejs, I need limit a total of networks to 2 Mb bidirectional, not per user, it's a housing customer with 4 networks and a couple of servers.
My configuration is correct or I must to set up another parameter ? (like "total-limit-at").

Thanks !

fpascual

Hi, I must apply a limit to simetric 2 Mb to an specific customer. Supposed that the subnets are 192.168.1.0/27 and 192.168.10.0/24, is that correct ??? name="limit-2mb" target-addresses=192.168.1.0/27,192.168.10.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=...

fpascual

Changeip, the bgp peer is active ... Into Remote Peer: #sh ip bgp sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd Mk_IP 4 #### 187515 235740 888338 0 0 4w5d 24 This is a Cisco Router and debugging don't have any log about BGP errors or not connections.

fpascual

What's mean this log ?:

10:11:09 route,bgp,info Failed to open TCP connection: Operation now in progress
10:11:09 route,bgp,info RemoteAddr=PEER_ADDRESS
10:11:09 route,bgp,info RemotePort=179

Thanks .-

fpascual

How can I debug IpSec packet with an output like "debug crypto ipsec" on Cisco IOS ?

Thanks a lot

fpascual

Changeip, thanks for your reply, I can't understand how must apply the mailing option ..., sorry.

fpascual

Hi, I need to do an script to e-mail me if a dynamic ip address change by provider, how can I do that ?, I have a lot of costumers with dynamic ip addresses.

Thanks

fpascual

Thanks sergejs, and how can I verify if it is limiting ?

fpascual

Yes, I put in /queue simple name="limit-client-2mb" target-addresses=x.x.x.x/24,x.x.x.x/24,x.x.x.x/30 dst-address=0.0.0.0/0 interface=red_acceso parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=2097152/2097152 total-queue=default-small That is ...

fpascual

I read the "Bandwidth Control" documentation but can't understand what I must use and how.
I have a housing client with 2 /24 networks and want to limit in 2mb/2mb (upstream and dowstream), how can I do ??

Thanks a lot.

fpascual

We have a Routeros 2.9.17 version like border router in our network.
How can I limit the traffic (2mb DW / 2mb US) for two datacenter subnets ???.

Thanks a lot.

fpascual

Hi, I have a Script that send e-mail notification if a host chage the state, how can I modify this script for avoiding sending mail ??

Thanks

fpascual

Bill, thanks, have you got an example of this ?

fpascual

Another question, if I want to set more than one mac address in firewall filter, may I do that ?, eg:

add in-interface=inside src-mac-address=00-08-AA-50-BD-33,00-08-AA-50-BD-35, dst-address=0.0.0.0 dst-port=80 protocol=tcp action=drop comment="" disabled=no

Thanks

fpascual

In this case I have a wireless lan with encore access point and need to put mk between adsl modem and this encore. In the mac address filter into the mk, I must put the wireless mac address no ?

Thanks

fpascual

Ok, understand, do you recommend me to apply firewall filters and not firewall mangle ?.

fpascual

Hi, I need to block internet access to some computers on a customer network, can I do that with /ip firewall mangle feature ?, how ?, they must check e-mails but not access the www and chat, etc.

Thanks a lot

fpascual

ok, I 've got a two mikrotiks, one is in production, the other is empty(system reset), how should I set up the replication ? After setting up replication, I bring up VRRP, Should I connect them between the fast eth ?

Thanks a lot.

fpascual

Yes, that's right, I don't have this package installed.

Thanks a lot !

fpascual

Hi, I have one mk in production and need to spare another one to have a backup, can I use VRRP to do that ?.

Thanks

fpascual

Hi, where is the equivalent path /routing filter 2.9.1x version in the new 2.9.26 ?.

Thanks

fpascual

Hi, I need to do a spare between 2 Mikrotik and when restore the master config with equal interface ethernet names the firewall filters and other configuration parts show me the interfaces like "unknown".
Sorry for my english.

Regards,

Fernando

fpascual

I have a customer with a mikrotik behind an ADSL connection, this is the problem: The hotmail page open ok, but when put a user/pass data redirect to https:/login.live.com and the page doesn´t open (white screen, like time out). I probe connected a laptop directly to the adsl and work OK. The mikrot...

fpascual

Thanks for your reply, the remote is a "Cisco 1811" router with "Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(2)T". The Mikrotik Policy: src-address="IP":any dst-address="IP"/24:any protocol=all action=encrypt level=require ipsec-...

fpascual

Hi, I have a tunnel betwen Mikrotik and Cisco Router, when try to connect the Mikrotik log show me this message:

"dequeuing SA request to IP_ADDRESS , phase 1 wait timed out"

Someone can help me please ?

Thanks a lot.

Fernando

Search found 140 matches