Hello
I have a gre over ipsec up & running between 2 mikrotik routers A and B.
The topology is the following:
LanA-> router A <-> router B <-LanB
Ping from a host from Lan A to a host on the network B is ok.
Ping from cmd of router A to the same host on B not working.
Ping from cmd of router A to address of gre on router B is ok.
How can this happen?
Thank you
Re: Cannot ping frm comand line but from lan yes
What happends if you specify source IP ? It works, i suppose.
Just little hint, torch traffic from router A when you are trying to ping host B, and look in source IP field.
Just little hint, torch traffic from router A when you are trying to ping host B, and look in source IP field.
Re: Cannot ping frm comand line but from lan yes
I had this problem and found the packet was trying to leave the router over the GRE tunnel with the wrong source address - it was using the address of my main WAN link rather than the tunnel address. I solved this by using a src-nat on the traffic from the router to the tunnel e.g.
a.b.c.d/e is your remote network and p.q.r.s is the correct local address to match the IPSec 'interesting' traffic criteria.
Code: Select all
/ip firewall nat add action=src-nat chain=srcnat dst-address=a.b.c.d/e src-address-type=local to-addresses=p.q.r.s
Who is online
Users browsing this forum: No registered users and 43 guests