bogdanm
just joined
Topic Author
Posts: 2
Joined: Tue Oct 22, 2013 4:53 pm

Site to Site IPsec Tunnel between 2 RouterBoards

Tue Oct 22, 2013 5:11 pm

Hello guys,

I have 3 subnets in 3 different offices.

Office #1: 192.168.0.1/24
Office #2: 192.168.100.1/24
Office #3: 192.168.200.1/24

Each office has a MK RouterBoard Router with Dual WAN Configuration.
All the WAN interfaces have static public IP addresses.

Now I would like to connect them into one single network so that every device connected on any network can access any other device connected to any of the 3 networks.

I managed to complete this to roughly 80%.

I've done a Site to Site IPsec Tunnel between the 3 offices in RouterOS and everything seems to be working but it's not quite what I want.

What is working:
- I can ping SOME devices throughout the network (e.g. I can ping devices connected to Office #1 from Office #3, etc.).

What is not working:
- I can't ping Windows PCs with the firewall activated, although local pinging from the MK router that the PC is directly connected to works flawlessly.
- I can only access some ports through the IPsec tunnel. Example: I can access an office #3 remote AP web administration page (port 80) from office #1 but I can't access a NAS administration page (port 5000) from office #1; it simply times out after a long time.

I hope I am clear enough in my explanation.

Can you guys help me please?
I'm desperate...

Thanks !
 
bogdanm
just joined
Topic Author
Posts: 2
Joined: Tue Oct 22, 2013 4:53 pm

Re: Site to Site IPsec Tunnel between 2 RouterBoards

Fri Oct 25, 2013 11:09 am

Anyone?
 
leonset
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: Site to Site IPsec Tunnel between 2 RouterBoards

Fri Oct 25, 2013 1:01 pm

1.- Check Windows firewall config to open the new C ranges of the other offices. If you enable ping from the firewall UI it will allow only from the C class that the computer belongs to. Try disabling firewall and test.

2.- Could be similar: maybe the NAS only allows access to the /24 it belongs to...

3.- Make sure that you are routing traffic correctly and that traffic isn't coming in through one interface/WAN and going out by the other. I've never got IPsec working with dual simultaneous WANs; I could only use them as failover or "load balancing" using different policies.
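
The Windows firewall scope check from point 1, as an added example that is not part of the original thread: instead of disabling the firewall, it lists the remote-address scope of the enabled inbound ICMPv4 rules and adds one rule limited to the other offices. It assumes a PC in Office #1 running Windows 8 / Server 2012 or later (NetSecurity module) and an elevated PowerShell session; the rule name is hypothetical.

```powershell
# Added example (not from the thread). Run elevated on a PC in Office #1.
# Networks of the other two offices, derived from the addresses in the first post.
$remoteOffices = '192.168.100.0/24', '192.168.200.0/24'

# 1. Show which remote addresses the enabled inbound ICMPv4 rules accept.
#    A RemoteAddress of 'LocalSubnet' means pings arriving through the tunnel
#    from another office are dropped even though local pings succeed.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    } | Format-Table -AutoSize

# 2. Add one narrowly scoped rule: echo request (ICMP type 8) from the
#    remote office networks only. Skipped if the rule already exists.
$ruleName = 'ICMPv4 echo from remote offices (IPsec)'   # hypothetical name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $remoteOffices
}
```

On PCs in the other offices, change `$remoteOffices` to the two networks that are remote from that site.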
