MikroTik VPN with IPsec and (port forwarding?) access to the network (behind NAT)

Hi @ all
So I bought these MikroTik routers and tried to make a small network.

So here is my situation:

Having an RB2011 with RouterOS 6.32.2 on one side, let's say WAN IP = 1.1.1.1
internal IP = 10.10.10.0/24
and there is my DIY-NAS with this IP
NAS = 10.10.10.5

On the other side I have:
Home Office with RB951 and RouterOS 6.32.2 - WAN = 2.2.2.2
internal IP = 20.20.20.0/24
and my computer with the IP 20.20.20.200

Thing is this:
Home office needs to have access to the NAS

So I want to get access from my HOME-PC (20.20.20.200) to the NAS on the other end of the IPsec tunnel (10.10.10.5).
I already tried the videos on YouTube, Greg Sowell and a lot of German and Indian guys - but I can't ping the networks behind the NAT…
I can ping the routers, and they are responding - but I cannot get access to the networks (behind NAT)
WHY???
any idea?


Can someone please help me with this configuration?

Maybe a script?
or just a good tip?

You really didn’t provide enough details for anyone to help you.

First off, can each router ping the other router’s WAN interface? Can you provide a diagram of the network to include the VPN tunnel endpoints?

Can you see if your tunnel is even coming up? Is an SA forming?

How are the tunnels configured for phase I and phase II on each router?

Do you have routes configured on both sides of the tunnel for each side to know where to send packets destined for the other network?


Here’s an example:

===================TUNNEL===================
Router A -----------------------------------------------------Router B
…1.1.1.1----------------------------------2.2.2.2…
10.10.10.0/24 LAN-----------------------------LAN 20.20.20.0/24
NAS: 10.10.10.5 PC: 20.20.20.200


So first we need to make sure that routes exist on Router A pointing to Router B’s WAN IP. You may find it easier to have the two WAN interfaces in the same network for this example.

I recommend changing the WAN IP to:
Router A: 1.1.1.1/30
Router B: 1.1.1.2/30

I would then configure a simple default route pointing to the WAN interface on each router.

Since you did not provide the Tunnel information I will use some 192.168.x.x IPs and you can swap it out with whatever you are actually using.

So on Router A I would create a tunnel endpoint with an IP address of 192.168.10.1/30 and on Router B I would assign an IP address of 192.168.10.2/30. The tunnel source should be the local router’s WAN interface/IP and the destination should be the remote router’s WAN address.

At this point you then create a route for your interesting traffic.

Router A: ip route 20.20.20.0/24 192.168.10.2
Router B: ip route 10.10.10.0/24 192.168.10.1

At this point you should be able to ping both WAN interfaces. You should be able to ping the Tunnel endpoints, as long as they are configured correctly. Your traffic should be able to traverse your VPN Tunnel and reach the other network/device.
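The reply above describes the design in words (a tunnel between the two WAN addresses, a /30 on the tunnel, a static route per remote LAN, then ping tests in order). The following is an added RouterOS configuration that implements that design for Router A; it is not from either poster. It keeps the thread's addresses (WAN 1.1.1.1 / 2.2.2.2, LANs 10.10.10.0/24 and 20.20.20.0/24, tunnel 192.168.10.0/30) and assumes the rest: GRE as the tunnel type (the reply does not name one), the tunnel protected by an IPsec transport-mode policy on the GRE packets, ether1 as the WAN interface, 10.10.10.1 as Router A's LAN address, and a placeholder pre-shared key. Router B gets the same lines with the two sides swapped (local 2.2.2.2, remote 1.1.1.1, address 192.168.10.2/30, route to 10.10.10.0/24 via 192.168.10.1, NAT bypass for 20.20.20.0/24 to 10.10.10.0/24).

```routeros
# Router A (site with the NAS). Thread values: WAN 1.1.1.1, LAN 10.10.10.0/24,
# tunnel 192.168.10.1/30. Assumed: WAN on ether1, LAN gateway 10.10.10.1,
# GRE tunnel, placeholder PSK. Mirror the values on Router B.

# 1. Tunnel interface between the two WAN addresses, with the /30 on it
/interface gre add name=gre-to-B local-address=1.1.1.1 remote-address=2.2.2.2
/ip address add address=192.168.10.1/30 interface=gre-to-B

# 2. Route the remote LAN via the far tunnel endpoint (the reply's "ip route")
/ip route add dst-address=20.20.20.0/24 gateway=192.168.10.2 comment="LAN at site B"

# 3. Keep site-to-site traffic out of masquerade. If a srcnat/masquerade rule
#    matches first, LAN-to-LAN packets leave with the WAN address as source and
#    replies never come back to 10.10.10.x hosts; the accept rule must sit on top.
/ip firewall nat add chain=srcnat src-address=10.10.10.0/24 dst-address=20.20.20.0/24 \
    action=accept place-before=0 comment="no NAT for site-to-site traffic"

# 4. Admit only what the tunnel needs on the WAN, and only from the peer.
#    Put these above any default drop rule in the input chain.
/ip firewall filter add chain=input in-interface=ether1 src-address=2.2.2.2 \
    protocol=ipsec-esp action=accept place-before=0 comment="ESP from site B"
/ip firewall filter add chain=input in-interface=ether1 src-address=2.2.2.2 \
    protocol=udp dst-port=500,4500 action=accept place-before=0 comment="IKE from site B"
/ip firewall filter add chain=input in-interface=ether1 src-address=2.2.2.2 \
    protocol=gre action=accept place-before=0 comment="GRE from site B"

# 5. IPsec phase 1 (peer) and phase 2 (policy) encrypting the GRE packets
/ip ipsec peer add address=2.2.2.2/32 exchange-mode=main auth-method=pre-shared-key \
    secret="CHANGE-ME-use-a-long-random-psk"
/ip ipsec policy add src-address=1.1.1.1/32 dst-address=2.2.2.2/32 protocol=gre \
    action=encrypt level=require tunnel=no proposal=default \
    sa-src-address=1.1.1.1 sa-dst-address=2.2.2.2

# 6. Checks, in the order the reply asks for them
# far WAN reachable at all?
/ping 2.2.2.2 count=3
# phase 1 established, phase 2 SAs installed?
/ip ipsec remote-peers print
/ip ipsec installed-sa print
# tunnel endpoint answers?
/ping 192.168.10.2 count=3
# LAN-to-LAN path, sourced from the LAN address so the reply must route back via the tunnel
/ping 20.20.20.200 src-address=10.10.10.1 count=3
# the accept rule in step 3 should count packets; masquerade should not, for this traffic
/ip firewall nat print stats
```

Two caveats that follow from the thread's own symptoms. Being able to ping the routers but not the LANs behind them is the pattern you get when the return route on the far side is missing or when masquerade rewrites the tunnel traffic, so check `/ip route print` on both routers and the counters in `/ip firewall nat print stats` before touching the IPsec settings. And if either router is itself behind an upstream NAT (the "behind NAT" in the title), plain GRE will not pass through it and the IPsec peer address has to be the upstream public address; IKE then needs UDP 4500 (NAT-T) open rather than only ESP.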