Hello,
does anyone have any ideas, or have I not described the question well enough?


In the meantime, I have replaced the RB3011 temporary with a similarly configured RB5009. The sporadic failure or the inaccessibility of the route to the Speedport still remains.

Hi guys, i actived debug logging on my RB3011. I found some logs on this time, where my connection still lost. 27.12.23 20:13 Debug rb3011_alzey syslog start CRL update 27.12.23 20:13 Debug rb3011_alzey syslog type: simple, host: 8.8.8.8 ] attempts: 1 27.12.23 20:13 Info rb3011_alzey syslog type: si...

Hello everyone, I'll try to describe my problem. I have a medium sized network with a RB3011 as router/firewall/cap manager/VPN Behind this, several switches are connected across the entire site. Directly behind the RB3011 is a CRS328 and a CRS354(48Poe 4 S+ 2 Q) In front of the RB3011 there is anot...

I have now migrated the entire Azure network to Germany.
From a ping with 150ms we are now at about 30ms

Seems to be a bit faster as well.

I have another question for understanding.

If I now call the resource directly via the local wan (3011) the construction of the page is faster, as the construction via Azure and the VPN.

What I have to say, I have selected Azure US! I will try that again.

Ok I see,

that's how it works now. Thanks a lot

The necessary firewall rules I make but in the case on the CHR?!

Hello, now that you gave me the info, it makes sense mentally! That means I have to mark the connection that goes from the tunnel to my local network. Then I have to mark everything that has this connection-mark and wants to go out again with a routing-mark! For this then a route to 0.0.0.0/0 over t...

By disabling that NAT rule completely, you've prevented the devices in the relevant subnet from reaching the internet, unless ether2-DSL is your only WAN; if it is, rule #2 was completely unnecessary because rule #3 doesn't care about source address and src-nats everything that goes out via ether2-...

YES!!! its a azure thing!

I have to enable ip forwarding on the NIC from my CHR VM!

What information do you need to assess this?

I can't get rid of the thought that something needs to be done to the routing here in Azure.
But what.

Thanks for your quick help, I think we are getting closer. I have the following NAT entries. [admin@rb3011_alzey] /ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; kein NAT fuer VPN Clients chain=srcnat action=accept src-address=10.1.1.0/24 dst-address=10.100.124.0/23 log=n...

Hello, thank you for your answer. On the CHR I could only detect something when I took the IP to the IP from the VM from Azure. apparently I come out there with the IP of the openVPN endpoint. I also ran the sniff on the RB3011. It seems to arrive yes in the Azure world, but not passed there. Mister...

Hello, here are the rules of the firewall on the CHR /ip firewall filter> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Netzwerkverkehr forwarding chain=forward action=accept connection-state=established,related log=no log-prefix="" 1 ;;; Netzwerkverkehr forwarding chain=forwar...

Good morning, I have a CHR installed in Azure. One NIC hangs in a gateway subnet and a 2nd NIC hangs in a VM subnet. To my local network I have an OpenVPN connection from my RB3011 to the CHR. I have in the Azure network the subnet 172.17.5.0/24 and in the local one the 10.100.124.0/23. The OpenVPN ...

Hello,

Also search for a useful documentaion.

I have a slightly different setup, my local public Ip is a dynamic adress, is it also possible to connect a site-to-site vpn with azure?

Thanks

I already have an extra vlan for this hotspot system.
Vlan20


I think in have a solution. I disabled dst nat and it already worked

Hello Guys. I have some Network Cameras in a Hotspot Environment. I need to access to these cameras from my Management Network Hotspot 172.16.0.0/24 Managment 10.100.124.0/23 But some dymnamic firewall rules from the Hotspot Router block my traffic. What i need to do, to bypass them. Ip binnindgs do...

Hello Guys, I have an rb3011 with some WAP with Capsman. The rb3011 is the Caps Manager. By SNMP I connected the rb3011 to a Zabbix server. Trap Version 1 On the Zabbix server I get messages about the logon/logoff of the clients as a problem. How can I change that? On the Zabbix server, I don't need...

ok this make sense.

I was thinking of the same thing, I just wasn't sure.

Thank you

Hello Guys, I have a question. I want to make cameras available to users in a subnet. In order for users to register in this net, they have to buy a voucher, only then can the users connect to the cameras. Internet is not necessary in this network. But how can the cameras draw a DHCP address in this...

Hi everyone,

I need to understand the Firewall Rule Jump.

What happens when a packet enters the Firewall Rule Jump.
The packet jumps into Chain XX.
But what happens after that? Will the packet continue to run at the point after it has hit the Jump Rule?

Thanks for your help!

Matthias

Hi everyone, i have a simple question. I try to Route a specific VPN User to a specific Subnet. For example, i have a OVPN Connection to a Mobile LTE mAP2 . In this Location i need to use a VPN to access one Device. This connection between my RB2011 and this map2 is fine. But a VPN User log into my ...

Hi Guys, hi have a short Question. I use in a Lab Enviroment a Rb2011 and one mAP. I try to configur VLAN on both device´s. I try to explane my configuration. I tested a lot of options. On mAP i have add a VLAN Interface on eth1. I added this on a bridge br_TEST and gave it a Adress 172.10.10.2/24 O...