Thanks for quick answer! Confirmed it, did a packet dump on the 10.0.0.2 device and noticed ICMP packages for 192.168.255.5 comming with src addr 10.0.0.1. Don't have any nat configured on the device, only some IPSEC config (that's why I noticed it since it wouldn't match the policy and therefor not...

Hi, If someone could verify this problem or tell me what I'm doing wrong it would be great :) addresses: 0 10.0.0.1/24 10.0.0.0 10.0.0.255 ether1 1 192.168.0.1/24 192.168.0.0 192.168.0.255 ether2 routing table: 0 A S 0.0.0.0/0 reachable 10.0.0.2 1 ether1 1 ADC 10.0.0.0/24 10.0.0.1 0 ether1 2 ADC 192...

Hi, I was wondering if it's possible to configure a routeros device as a internal router (only one area) for a area that's not area0? If this is not possible that would indicate that all routeros devices would have to function as ABR (since they would be in both the desired area and area0), somethin...

Mplsguy, Hmm, I think I misread you then. However if I don't really understand why you want to traverse the routing table twice. I can understand it in those cases where you don't have a src-address for the package (since then it would pick src-address which is the closest interface to the destinati...

Hi Mplsguy Well, just a typo. I changed the ipaddresses from the real experiement I made. However I think you are wrong, because the marking is working. In the example I gave below it does not use the default gateway it uses the gateway given by the vrf according to the marking. And if you check the...

Hi everyone It seems both the policy-routing and using VRF (routing-test package) don't work when there isn't no routing in the main routing table. See the following example on what happens: First set some ips: /ip address add address=192.168.0.1/24 broadcast=192.168.0.255 comment="" disab...

Hi Chupaka

Tried this with a rb600 with a clean config (only configured default gw and ip on one interface) and running 3.10

I had no problems.

br
Hippo

Actually most of the functionality for virtual routers are already in the routeros in the form of routing-tables. What needs to be added is some form of front end so that you are able to place interfaces in certain virtual-routers and make sure that traffic only hits the corresponding routing table....

I second the request for tunnel based route based vpn:s (see nz_monkeys post).

I would also like to see support for virtual routers (vrouters,vrf...)

Hmm, that looks interesting. What is the mode of the ipsec, tunnel or transport?

And, would you mind posting the configuration for the netscreen side as well?

br
Hippo

nz_monkey: I was under the impression that you couldn't use route based vpn's with Cisco. I thought you could only either use access-list based vpns with Cisco or somesort of IPSEC-transport + ipip. If you have the time, could you please show me or give me a link on how to configure Cisco with a rou...

Hi nz_monkey From my understanding it's not possible, which is a shame since that way is very easy to work with. However I don't think the way that netscreen does this is completely RFC compliant. I would also (at the moment) recommend you to stay away from ipsec on router-os since I have experience...

Short answer, stay away from it. It's evil

For a long answer on what syncronization is:
http://www.juniper.net/techpubs/softwar ... fig11.html

(yehe I know it's for juniper, but it applies for anything that talks bgp)

Hi

That's solved on l2 level and not l3 levels. For example extreme has a concept that's called super-vlan and I think cisco calls it pvlan. So you have to solve it on your switches, not your firewall.

Hi I would advise that you turn synchronization of in the BGP routers (if you are using IBGP between them which I suspect you are), this could fix your problem. I would also advice that you configure a high static default route out of the network so that even if you experience this problem, you will...

I think what you are experiencing is the same problems as I have been having, see:
http://forum.mikrotik.com/viewtopic.php?f=2&t=22975

For a detailed instruction for how to reproduce the problem
br
Hippo

No one is able to replicate this? Have someone tried?

Or do you have any suggestions or tips?

Hi Gff

I would use /interface print

However I'm sure you could use /interface find type
but I'm unsure about the syntax.

br

I discovered something strange when playing around with ipsec on ROS. I have one ROS device on 1.2.3.236/25 that I have been playing around with. I have a transport ipsec tunnel configured towards 1.2.3.234/25. The gateway on that network is 1.2.3.129. When that tunnel is up and running everything i...

Hi! Thanks for the help! Allthough there was one more thing missing, you have to have a route for the network in the 192.168.0.0/24 in the main table. That route wasn't used but unless it was there it would not check the alternative routing table for a route for that network. I noticed this I didn't...

Hi I seem to have a problem with route mark on outgoing traffic from the RouterOS device. Version used is ROS 3.6 If I do the following: /ip route> add dst-address=192.168.0.0/24 gateway=10.0.0.1 routing-mark=test /ip route rule> add routing-mark=test action=lookup table=test /ip firewall mangle> ad...

More input, if I connect one client 10.0.1.5 to the mikro234 and one more client 10.0.2.5 to mikro236 they can ping each other without any problems so the problem really seem to be when packages are originating from the routeros device.

Hi 1) Upgraded to 3.6 on both devices and the problem is still occuring. 2) yes, I have a bgp filter in that looks like this: 0 chain=setmarktrust invert-match=no action=passthrough set-routing-mark="trust" that I use to make sure that all routes I get from the bgp are inserted into the co...

Hi I have some trouble getting secondary routing tables up and running and I would appricate some help. What I'm trying to achive is the following: Two routeros boxes, called mikro234 and mikro236, they each have two interfaces used, one side towards the internet and one side towards the trusted sid...