Greetings all. I sent this to support@mikrotik.com but I thought I might see what the forum had to say as well.
I installed a new client tonight and after getting all of the routing set up (it’s all static routing - no pppoe or any other encapsulations), the clients Linksys VPN (BEFVP41 v2.1) device was unable to connect to their remote VPN server. Due to the design of their network, I cannot use the ROS board to fulfill their VPN functions, so I’m stuck with making their device work. I should point out that it works fine over their T1 service which is being replaced by this wireless link.
So a quick diagram looks like this
VPN doesn’t work:
VPN Router ← cat5 → RB411 ← 5Ghz → router1 ← 5GHz → router2 ← cat5 → Cisco 7206vxr Edge
and
VPN does work:
VPN Router ← cat5 → Cisco 2600 ← T1 → Cisco 7206vxr Edge
I know that the VPN device is configured properly, as when I switched the customer back over to their T1 it immediately connected. There’s something about the network path through router1 and router2 that is causing the connection to not work.
Relevant Data points:
- The Cisco 7206VXR is the same physical piece of equipment in both routing paths.
- 1500 byte pings with DF set make it all the way from the RB411 to the Cisco 7206VXR
- The VPN works flawlessly through the T1
- The IP address is the same on the VPN router for both network paths (e.g. I change the routing tables on the network)
- CCQ and Throughput are good but not perfect for 802.11a. CPE can TX 3-4Mbps to the network core with 50-60% CCQ, and RX 4-5Mbps with 70-80% CCQ. Signal is -76/-75.
I feel like I’m probably just doing something wrong, but the configuration on all the hops is really simple. It’s just static routing with WPA2 PSK encryption.