Hi,
i configure my RB1100AHX2 with 2 LAN and 2 WAN
Each LAN work one’s WAN for internet connection.
I’ve configure Mangle for each subnet LAN and all work Fine
VPN not working
i’ve configure 2 VPN, one for each WAN connection
My configuration is:
/ip address
add address=10.10.8.253/24 disabled=no interface=LAN_2_O network=10.10.8.0
add address=99.88.111.202/29 disabled=no interface=WAN_9_O network=99.88.111.200
add address=10.10.9.253/24 disabled=no interface=LAN_3_IF network=10.10.9.0
add address=99.88.111.194/29 disabled=no interface=WAN_8_IF network=99.88.111.192
/ip firewall filter
add action=accept chain=input disabled=no protocol=icmp
add action=accept chain=input connection-state=established disabled=no in-interface=WAN_9_O
add action=accept chain=input connection-state=established disabled=no in-interface=WAN_8_IF
add action=accept chain=input connection-state=related disabled=no in-interface=WAN_9_O
add action=accept chain=input connection-state=related disabled=no in-interface=WAN_8_IF
add action=accept chain=input disabled=no protocol=ipsec-esp src-address=2.288.288.253
add action=accept chain=customer disabled=no dst-address=10.10.8.0/24 in-interface=WAN_9_O out-interface=LAN_2_O src-address=10.10.10.0/23
add action=accept chain=customer disabled=no dst-address=10.10.9.0/24 in-interface=WAN_8_IF out-interface=LAN_3_IF src-address=10.10.10.0/23
add action=drop chain=input disabled=no in-interface=WAN_9_O
add action=drop chain=input disabled=no in-interface=WAN_8_IF
/ip firewall nat
add action=accept chain=srcnat disabled=no dst-address=10.10.10.0/23 src-address=10.10.8.0/24
add action=accept chain=srcnat disabled=no dst-address=10.10.10.0/23 src-address=10.10.9.0/24
add action=masquerade chain=srcnat disabled=no out-interface=WAN_9_O src-address=10.10.8.0/24
add action=masquerade chain=srcnat disabled=no out-interface=WAN_8_IF src-address=10.10.9.0/24
/ip ipsec peer
add address=2.288.288.253/32 auth-method=pre-shared-key dh-group=modp1024
disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des
exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0
lifetime=1d my-id-user-fqdn=“” nat-traversal=no port=500 proposal-check=
obey secret=1234567890 send-initial-contact=yes
add address=2.288.288.253/32 auth-method=pre-shared-key dh-group=modp1024
disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des
exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0
lifetime=1d my-id-user-fqdn=“” nat-traversal=no port=500 proposal-check=
obey secret=1234567890 send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=10.10.10.0/23 dst-port=any
ipsec-protocols=esp level=require priority=0 proposal=default protocol=
all sa-dst-address=2.288.288.253 sa-src-address=99.88.111.194
src-address=10.10.9.0/24 src-port=any tunnel=yes
add action=encrypt disabled=no dst-address=10.10.10.0/23 dst-port=any
ipsec-protocols=esp level=require priority=0 proposal=default protocol=
all sa-dst-address=2.288.288.253 sa-src-address=99.88.111.202
src-address=10.10.8.0/24 src-port=any tunnel=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=99.88.111.193
pref-src=10.10.9.253 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=99.88.111.201
pref-src=10.10.8.253 scope=30 target-scope=10
can someone help me?
Raffaele