I’ve configured an IPsec Site 2 site VPN connection between a public Cloud and my on premise environment. Weird thing: PING only works in one direction. I’m able to ping from my on premise environment to virtual machines in the Cloud.
But when I try to ping from the Cloud to my machines on premise it fails.
I don’t think it is a firewall problem because a ping from the Cloud side to the Mikrotik router on premise is successful:
Maybe the reply of the device behind the Mikrotik router somehow gets lost and is not delivered at the device that initiated the ping on the public cloud side. A routing problem? Shouldn’t this be covered by the config of the VPN at the Mikrotik side (IPsec policy)?
Probably something tiny I missed somehow. But what did I miss or do wrong? Hope someone is able to help.
Thanks for your help! The other side of my Site 2 site connection is Microsoft Public Cloud Azure. I don’t think they are supporting EOIP tunnels. Is there an alternative for solving this issue that I can do on the MikroTik side without the need to change technologies or protocols at the Microsoft side?
Yes I know the site of Greg. Followed some of his videos. The weird thing is it’s almost working perfectly. I can even ping my router from the public cloud (Azure) side. I recently changed all IP spaces on public cloud side so they are now more similar to the on premise side. But although everything was changed and re-configured with the new IP space the result is still exactly the same:
Ping from Azure VM to Mikrotik router is successful
Ping from device behind Mikrotik router to Azure VM is successful
RDP session from device behind Mikrotik router to Azure VM is successful
Ping to on premise device (behind the Mikrotik router) from Azure VM fails
I have the same problem. I’ve configured an IPsec Site 2 site VPN connection between HQ and remote office. I’m using RB2011iL-IN in both offices. PING only works in one direction. I’m able to ping from my HQ to remote office. Not just that, I’m able to connect to any PC from the HQ to remote office. From remote office I cannot ping or connect to, for example, MainServer.
I’m using similar configuration. Tried so far probably 4-5 times with even different routers. This is my first IPsec configuration. I managed to set up PPTP, EOIP, EOIP over PPTP etc. (for different customer) and it’s working fine.
This is what I don’t get. Why doesn’t MikroTik help want to help? It is beyond belief. If it is something (like for example) the hardware doesn’t support, they should come and say it. Or if there is a solution… they should know… tell us. It is unbelievable.
Thanks for your reply. Looks like we are on our own on this.
I’m using version 6.34.1
I can ping from HQ router everything but from remote office I can ping only HQ router.
I did try to add IPIP with IPsec but it is doing the same thing. I think we are missing some routing here but I’m not sure what. I can also ping in both directions but only the routers’ IPs, nothing else.
I’m at the point that I will probably get Cisco routers and finish the job. I cannot understand why Mikrotik is not helping. Forum should be the place where we are helping one another. But if there is no right answer or solution Mikrotik should jump in. They should help. We are buying their product. We are using their product.