Routing issue: cannot ping

Hi, I have set up an IPsec connection between a head office and a couple of other store locations.
I also have created an L2TP + IPsec connection for people who work remotely.

But I have one issue. Everyone can ping the server in the head office: the devices in the other locations which are connected by IPsec site-to-site, the remote laptop which connects via L2TP, and the other PCs in the head office.

The head office has a server and several PCs for workers.

But I don't know why I cannot ping the other devices of the headquarters. I cannot ping them from outside (other locations, remote) nor from the inside (I cannot ping from the server to PC1 in the same location, but I can ping from PC1 to the server).


I must have something wrong with the routes or the firewall but cannot figure out what.

This is the relevant configuration:

/interface bridge
add name=lan-ofic
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ] name=ether2-pc1
set [ find default-name=ether3 ] name=ether3-SERVER
set [ find default-name=ether4 ] name=ether4-pc2
set [ find default-name=ether5 ] name=ether5-AP
/interface bridge port
add bridge=lan-ofic interface=ether2-pc1
add bridge=lan-ofic interface=ether3-SERVER
add bridge=lan-ofic interface=ether4-pc2
add bridge=lan-ofic interface=ether5-AP
/ip address
add address=xx.xxx.xx.xx/24 (public ip) comment="wan" interface=ether1-wan network=xxx.xxx.xxx.x
add address=192.168.1.1/24 comment=bridge interface=lan-ofic network=192.168.1.0
add address=192.168.1.2 comment="ether2" interface=ether2-pc1 network=192.168.1.0
add address=192.168.1.3 comment="server ether3" interface=ether3-SERVER network=192.168.1.0
add address=192.168.1.4 comment="POS ether4" interface=ether4-pc2 network=192.168.1.0
add address=192.168.1.5 comment="AP TP LINK ether5" interface=ether5-AP network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=forward dst-address=192.168.1.0/24 protocol=icmp src-address=192.168.1.0/24
add action=accept chain=forward dst-address=192.168.1.0/24 protocol=icmp src-address=192.168.1.97
add action=accept chain=input dst-port=22 protocol=tcp src-address=192.168.1.100
add action=accept chain=input dst-port=22 protocol=tcp src-address-list=ssh-allowed
add action=accept chain=input dst-port=8728 protocol=tcp src-address-list=api-allowed
add action=drop chain=input dst-port=8728 protocol=tcp
add action=drop chain=input dst-port=22 protocol=tcp
add action=log chain=forward log-prefix="ICMP-from server" protocol=icmp src-address=192.168.1.97
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.1.0/24 src-address=192.168.1.0/24
add action=accept chain=srcnat dst-address=192.168.88.0/24 out-interface=ether1-wan src-address=192.168.1.0/24
add action=masquerade chain=srcnat out-interface=ether1-wan
/ip route
add distance=1 gateway=xx.xxx.xxx.x (local gateway)
/ip service
set telnet disabled=yes


I have disabled all firewall rules, but that wasn't the problem.

Hi!

Can you use the "code" tags around your config?

Speaking of which:

  • do you have a network diagram?
  • a list of IP addresses?

In the config you have IP addresses set on each interface; what is the purpose? These are ports in the switch, they should not have individual IPs.

Can you also post the VPN config? The whole config would be best if you can.

Remove:

/ip address
add address=192.168.1.2 comment="ether2" interface=ether2-pc1 network=192.168.1.0
add address=192.168.1.3 comment="server ether3" interface=ether3-SERVER network=192.168.1.0
add address=192.168.1.4 comment="POS ether4" interface=ether4-pc2 network=192.168.1.0
add address=192.168.1.5 comment="AP TP LINK ether5" interface=ether5-AP network=192.168.1.0

and give the addresses of the server & PC1.

Hi!!
Thank you all, it was a problem with the Windows firewall.
I enabled the rules that allow ICMPv4 echo request, both in and out.

Thanks everyone!!
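For anyone landing on this thread with the same symptom (router forwards fine, only Windows hosts do not answer), here is an added example, not from the original poster, of doing the Windows-firewall fix in a narrower way than enabling the built-in "any address" echo rules: it allows ICMPv4 echo requests only from the head-office LAN (192.168.1.0/24, from the config above) and from the remote subnets you list. The 192.168.88.0/24 entry is an assumption taken from the NAT rule; the L2TP client pool is not in the thread, so add your own.

```powershell
# Added example, not part of the thread's own configuration.
# Goal: let the router, the remote stores and the L2TP clients ping this
# Windows host without opening ICMP echo to every address.
# Assumed subnets (replace with your own):
$AllowedSources = @(
    '192.168.1.0/24',   # head-office LAN (from the RouterOS config above)
    '192.168.88.0/24'   # assumed remote-store subnet, seen in the NAT rule
    # add the L2TP client pool here once you know it
)

# 1. Look at the built-in ICMPv4 echo rules first, so you know which
#    profiles currently block echo requests (Public is usually the one).
Get-NetFirewallRule -DisplayName '*ICMPv4-In*' |
    Select-Object DisplayName, Enabled, Profile, Direction, Action

# 2. Add one inbound rule for ICMP type 8 (echo request) scoped to the
#    listed sources. Inbound only: the default outbound action of Windows
#    Defender Firewall is Allow, so echo replies and this host's own pings
#    already leave unless a policy changed the default.
$RuleParams = @{
    DisplayName   = 'Allow ICMPv4 echo from LAN and VPN'
    Direction     = 'Inbound'
    Protocol      = 'ICMPv4'
    IcmpType      = 8
    RemoteAddress = $AllowedSources
    Action        = 'Allow'
    Profile       = 'Domain,Private'   # deliberately not Public
}
New-NetFirewallRule @RuleParams

# 3. Confirm the rule exists and is enabled before testing from the router
#    (on RouterOS: /ping <host address> count=3).
Get-NetFirewallRule -DisplayName $RuleParams.DisplayName |
    Select-Object DisplayName, Enabled, Profile |
    Format-Table -AutoSize
```

If the host's network profile is Public (common on workstations that were never domain-joined), either switch it to Private or add Public to the Profile list; otherwise the rule never applies and the symptom stays.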