I have 2 RB750, Trying to route Site to Site SSTP.
SSTP Connect OK between routers and I can ping from Terminal in router1 to computers behind router2
But not From a computer on LAN side Router1 to Computers on LAN router2.
I.e. The tunnel is working OK But not Routing/firewall/NAT.
I think the problem is either NAT-rule or Firewall-rule. Below is my config.
Router2 is the Server Connected direct to Internet.
Router1 is behind a NAT/Firewall.
Router1:
/IP Routing
0 A S 0.0.0.0/0 10.110.110.3 1
1 ADC 172.35.0.1/32 172.35.0.2 sstp-out1 0
2 ADC 10.110.110.0/24 10.110.110.14 ether1-gateway 0
3 ADC 192.168.88.0/24 192.168.88.1 ether2-master-l... 0
4 A S 192.168.89.0/24 172.35.0.1 2
/IP Firewall NAT
0 A S 0.0.0.0/0 10.110.110.3 1
1 ADC 172.35.0.1/32 172.35.0.2 sstp-out1 0
2 ADC 10.110.110.0/24 10.110.110.14 ether1-gateway 0
3 ADC 192.168.88.0/24 192.168.88.1 ether2-master-l... 0
4 A S 192.168.89.0/24 172.35.0.1 2
/Ip Firewall Filter
;;; default configuration
chain=input action=accept protocol=icmp
1 ;;; default configuration
chain=input action=accept connection-state=established
2 ;;; default configuration
chain=input action=accept connection-state=related
3 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
Router2:
IP Firewall Nat
0 ;;; default configuration
chain=srcnat action=masquerade to-addresses=0.0.0.0
out-interface=ether1-gateway
IP Firewall Filter
0 chain=input action=accept protocol=tcp in-interface=ether1-gateway
dst-port=443
1 chain=input action=accept protocol=gre in-interface=ether1-gateway
2 chain=input action=accept protocol=tcp in-interface=ether1-gateway
dst-port=1194
3 ;;; default configuration
chain=input action=accept protocol=icmp
4 ;;; default configuration
chain=input action=accept connection-state=established
5 ;;; default configuration
chain=input action=accept connection-state=related
6 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
IP Route
0 ADS 0.0.0.0/0 85.224.1.129 0
1 ADC 85.224.1.128/25 85.224.1.141 ether1-gateway 0
2 ADC 172.35.0.2/32 172.35.0.1 <sstp-vpn> 0
3 ADS 192.168.88.0/24 172.35.0.2 1
4 ADC 192.168.89.0/24 192.168.89.1 ether2-master-l... 0
I have probably missed something fundamental, but can't figure out what!
Can anybody help me ?