MikroTik

Hi!

My question is simple, I don't know how to make a netwatch rule that verifies an IP address on the other side of a IPSec VPN.

I have a LAN, 192.168.20.0/24 with a mikrotik 192.168.20.254 establishing a IPSec VPN with other mikrotik, 192.168.1.254 in the 192.168.1.0/24 LAN. I want to monitor a PBX in the 192.168.1.0/24 network from the 192.168.20.0/24 network.

How do I change the source address (like you can do in a normal ping "ping 192.168.1.2 src-address=192.168.20.254") of a netwatch so it doesn't appear down in its Status? if I can't change that, there is another way to make a full time ping to that IP address?

Thanks beforehand for any replies.

Daniel.

Is there at least a script to make a sustained ping through an IPSec tunnel? I just want to keep the tunnel stablished

Add a route to 192.168.1.0/24 on you LAN interface

e.g:

/ip route add disabled=no dst-address=192.168.1.0/24 gateway=Lan

that will make Netwatch work

Thanks!!!! It worked just fiiine!

Add a route to 192.168.1.0/24 on you LAN interface

e.g:

/ip route add disabled=no dst-address=192.168.1.0/24 gateway=Lan

that will make Netwatch work

It works! but how?
anybody can explain?

It works! but how?
anybody can explain?

I found this puzzling too, it works because your ipsec tunnel has a policy that applies to traffic destined for that address range, but traffic has to be on lan interrface to get picked up by the policy, that route gets traffic for that range onto lan where the policy can apply to it