Hi,

You can probably check this wiki for some examples for ip firewall things for Mikrotik.

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter

You can also use mikrotik's winbox client as a GUI client for Mikrotik devices.

regards,

Hi,

You can check this wiki to setup a wireless Access Point with Mikrotik products:

http://wiki.mikrotik.com/wiki/Manual:Ma ... ireless_AP

regards,

Hi, I have a public /24 that is router to my router's serial IP (a public /30). I want to route the /24 as a small subnet to 5 different locations (on 5 different interfaces on my RB). I do not want to bridge the interfaces, instead I want each interface to have a /26 or a /28 (depends on the locat...

:D Good to hear that it is finally working... @JJCinAZ Thanks but on my firewall filter, there is no rules for forward chain, only rules to block port scanner/nmap. I have just re-checked my lan setup, both (ether1 and ether2) of them are fine, no erroneous gateway/dns server,all of the routes are o...

hi, You have 3 different subnets that you are tying to put into a single Mikrotik ClouldCore Router. 1. to connect to internet should be /30 subnet (not /3 as mentioned). this is normally point to point to your ISP 2. /24 is your static public IP address-es, normally assign by your ISP. 3. /20 is yo...

I think this is the point that we are making, if you take 2 subnets and make them NAT(MASQ) on both sides, all we see is the IP address-es of each gateway (10.8.8.1 or 10.9.9.1). And we have to do the DNAT, in order, for example to make your FTP to work. In a normal routing way, especially when we m...

Hi, great, good to hear that you can ping each other. yes, windows by default will not reply to a icmp from another subnet, this is what I was getting at. we need to investigate more on the ftp. on the nat masquerading, this is the correct way (there in no other way I can think of). However, please ...

So can you try to ping from any ether2 LAN clients to 10.9.9.1 (your gateway), as well as to 10.8.8.1 (ether1) network.

Also, what is your client OS on both sides ether1 and ether2?

regards,

HI,

Please post the output of:
/ip address print

Also, can you describe your issue in more detail, do you mean users at LAN ether2 can not ping to the LAN users of ether1?

regards,

Hi, It is good to hear that you are good with OSPF. About L2TP (that I never used) is there perhaps some "unwanted" or "problematic" traffic in connecting 16 fully meshed sites on Layer2 ??? It's like to have all sites wire-connected , all seeing all , despite protocols etc From ...

Sure, I was just making an example that RIP, as one of dynamic routing protocols out there, is supported within L2TP, however, newer and better routing protocols like OSPF is recommended with any L2TP implementations.

regards,

Hi, OK, GRE(+IPSEC) is another point to point tunnelling protocol (it was first developed by CISCO), you can also check this out: IPIP and EoIP in which they have similiar features. http://wiki.mikrotik.com/wiki/Manual:Interface/Gre GRE and IPIP are layer 3 tunneling protocols, in which you will nee...

Hi,

Good to hear that your issue is resolved.

We had exactly the same IPSEC error message on the server, as it turns out, we have disallowed incoming UDP Port 1701 (L2TP) on the client firewall, when we opened the port, the connection is working.

regards,

Thanks for replies, All sites have their own public static IP address It would be interesting that traffic wouldn't pass through "A" site when "B" is talking with "C" (assuming "A" is the main company site) So, for 15 sites, should I build 14 tunnels each ?? ...

Hi,

Both LAN's must have the correct routing tables to reach each other LAN, e.g. LAN 1 192.168.10.0/24 and LAN 2 192.168.20.0/24 ; from LAN 1 must have the correct routing to LAN 2, and vice versa, LAN 2 must have the correct routing from 192.168.20.0/24 to LAN 1 192.168.10.0/24

good day...

Hi, perhaps you check this info: http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP Also, how is your remote office connecting to the main office, is it via a Mikrotik Device as well? there must be an IP routing on the home office device (192.168.103.0/24 network) to the main office LAN, and also y...

Hi,

you can check the following documents:

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP
http://wiki.mikrotik.com/wiki/Manual:BC ... _bridging)

good luck...

hi,

It is most likely that your external laptop has the "default gateway" set to the PPTP connection, you can deselect this and your internet connection will come directly from your internet connection of your external laptop.

Hi,

you can check out the following documents:

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP
http://wiki.mikrotik.com/wiki/Manual:BC ... _bridging)

hi, most likely your remote users have firewall between them and their device (PC or otherwise), check their firewall and see if there is anything like "allow IPSEC passthrough" and also allow all IPSEC related ports like UDP 500, 4500 as well as L2TP port 1701 UDP to be forwarded via the ...

Let's say 15 sites one of wich with a 34mbs symmetric dsl , the other mostly 7m/1m asymmetric dsl Each site with its 192.168.x.x C class and VoIP traffic to be managed. I've used succesfully GRE w IPSEC and static routes in same three-site networks , i'm asking if (surely) some dynamic routing and ...