vpn intern OK, over internet not OK
Posted: Mon Feb 02, 2015 9:59 pm
Hi all,
I just installed my first MikroTik RouterBOARD 1100AHx2. All routing works fine, but I face problems with the L2TP/IPSec VPN connection. From directly outside the RB it works, but from outside, via the internet, I can't connect.
The setup is rather simple ( https://dl.dropboxusercontent.com/u/12926517/Layout.jpg ):
the network is connected to the internet via a standard Cisco EPC3925 modem/router (from the cable company).
Under that is the RB (1), and behind that the whole network.
When I put the MikroTik RB in the DMZ (or redirect all the needed ports) I do not get a VPN connection; the client that connects via the internet just times out and there is not a single sign of it in the RB logging.
My Windows 7 (64-bit) test client (2) is directly connected under the Cisco network, so NOT under the RB.
With this client I can create a Windows client VPN and everything works fine.
Of course that would point to bad port forwarding, but when I use a simple test utility ( http://www.hw-group.com/products/hercules/index_en.html )
and let the Cisco DMZ point to my Windows laptop (2), which is then running the Hercules test server software, I can reach the Hercules test server without problems from any other place on the internet (no VPN involved here, just a plain server). Also when I use port forwarding for the tested ports to this laptop (instead of the DMZ), everything works fine.
So why does an internal VPN work, but an internet VPN not?
Can anybody give me a hint?
The ports I opened for forwarding VPN/L2TP are listed below. I also tried putting the whole RB in the DMZ, and that also didn't work:
L2TP traffic - UDP 1701
Internet Key Exchange (IKE/negotiation) - UDP 500
IPSec Network Address Translation (NAT-T) - UDP 4500
Encapsulated Security Protocol (ESP) - TCP 50
Authentication Header (AH) - TCP 51
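As an added check that is not part of the original post: a small Python validator for a forwarding list like the one above. It uses a constructed Rule representation and encodes two facts: IKE needs UDP 500 and NAT-T needs UDP 4500, and ESP and AH are IP protocols 50 and 51, not TCP ports, so the last two entries in the list above can never match IPsec traffic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One NAT forwarding rule (constructed representation). proto is 'udp' or 'tcp'
    with a port number, or 'ip' with an IP protocol number (ESP = 50, AH = 51)."""
    proto: str
    number: int


# What a NAT in front of an L2TP/IPsec responder must pass. UDP 1701 is not listed:
# with IPsec in place, L2TP rides inside ESP and never reaches the NAT in the clear.
REQUIRED_UDP = {500: "IKE", 4500: "NAT-T, UDP-encapsulated ESP"}
# ESP and AH are IP protocols, not TCP/UDP ports; a 'tcp 50' rule never matches them.
IP_PROTOCOLS = {50: "ESP", 51: "AH"}


def check_forwarding(rules):
    """Return a list of findings; an empty list means the rule set looks complete."""
    udp_ports = {r.number for r in rules if r.proto == "udp"}
    findings = []
    for port, name in REQUIRED_UDP.items():
        if port not in udp_ports:
            findings.append(f"missing UDP {port} ({name})")
    for r in rules:
        if r.proto == "tcp" and r.number in IP_PROTOCOLS:
            name = IP_PROTOCOLS[r.number]
            findings.append(
                f"TCP port {r.number} is not {name}: {name} is IP protocol {r.number}, "
                f"and behind NAT-T it is carried inside UDP 4500 anyway"
            )
    return findings


if __name__ == "__main__":
    # The forwarding list from the post, expressed as constructed Rule objects.
    posted = [Rule("udp", 1701), Rule("udp", 500), Rule("udp", 4500),
              Rule("tcp", 50), Rule("tcp", 51)]
    for finding in check_forwarding(posted):
        print(finding)
```

If the RB is placed in the DMZ and the IKE exchange still never shows up in its log, the cause is outside the forwarding rules (the RB's own input firewall is the first place to look) and this check will not reveal it.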