VPN Road warrior setup, Local Hosts can't see remote devices

Hi all

It is cool that RouterOS does support VPN mutual with Xauth authentication. But I notice a routing issue between the local LAN and the remote devices.

The RouterOS Ver6.1 VPN is set up mostly as Road Warrior with mode config (http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf), except that it is not a NAT/default router for the local internal LAN hosts.

Here is the general setup

• RouterOS internal LAN ether2 ip address 172.16.11.250/23
• RouterOS external LAN ether1 ip add 204.53.x.x/24
• VPN/IP POOL 172.16.11.245-172.16.11.249
• RouterOS is not the default gateway for the internal LAN network
• Remote device is an Avaya IP Phone model#5610SW
• RouterOS is running as a VMware 32-bit Linux guest


Amazingly, the remote Avaya IP Phone can establish the VPN tunnel and obtain an IP address from the RouterOS VPN/IP pool setup. And the remote phone can ping the RouterOS internal LAN interface. The Windows host on the LAN can ping the RouterOS internal LAN interface. However, the Windows PC host cannot ping the remote phone unless a static route is configured on the Windows host to route traffic to the remote phone (i.e. the command route add 172.16.11.249 mask 255.255.255.255 172.16.11.250).

I turned on proxy ARP on both Ethernet interfaces, but that did not work.

/interface ethernet
set 0 arp=proxy-arp auto-negotiation=yes cable-settings=default disable-running-check=yes disabled=no flow-control-auto=yes flow-control-rx=no flow-control-tx=no \
    full-duplex=yes mac-address=00:50:56:B0:00:09 mtu=1500 name=ether1 orig-mac-address=00:50:56:B0:00:09 speed=1Gbps

set 1 arp=proxy-arp auto-negotiation=yes cable-settings=default disable-running-check=yes disabled=no flow-control-auto=yes flow-control-rx=no flow-control-tx=no \
    full-duplex=yes mac-address=00:50:56:B0:00:0A mtu=1500 name=ether2 orig-mac-address=00:50:56:B0:00:0A speed=1Gbps

Also, the RouterOS config is attached.

Any help will be greatly appreciated.

Thanks
routerOS.txt (28.7 KB)
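
The forwarding decision a LAN host makes for the phone's address, with and without the static route from the post, as an added example that is not part of the original post. It uses the addresses given above; `DEFAULT_GW` is an assumed placeholder, since the post does not give the LAN's real default gateway.

```python
import ipaddress

# Addresses from the post. DEFAULT_GW is an assumed placeholder: the post
# never gives the LAN's real default gateway.
LAN = ipaddress.ip_interface("172.16.11.250/23").network   # 172.16.10.0/23
ROUTEROS_LAN_IP = "172.16.11.250"
POOL = ("172.16.11.245", "172.16.11.249")
DEFAULT_GW = "172.16.10.1"  # assumption, constructed for the example


def pool_inside_lan():
    """Return the pool addresses that fall inside the LAN subnet."""
    first, last = (int(ipaddress.ip_address(a)) for a in POOL)
    return [str(ipaddress.ip_address(i)) for i in range(first, last + 1)
            if ipaddress.ip_address(i) in LAN]


def lookup(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.

    gateway None means the prefix is on-link: the host ARPs for dst itself
    instead of handing the packet to a router.
    """
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), ("on-link (ARP for destination)" if gw is None else gw)


# Routing table of a LAN host as the post describes it.
HOST_ROUTES = [(str(LAN), None), ("0.0.0.0/0", DEFAULT_GW)]
# Same table after: route add 172.16.11.249 mask 255.255.255.255 172.16.11.250
WITH_STATIC = HOST_ROUTES + [("172.16.11.249/32", ROUTEROS_LAN_IP)]

if __name__ == "__main__":
    print("pool addresses inside", LAN, ":", pool_inside_lan())
    print("before:", lookup(HOST_ROUTES, "172.16.11.249"))
    print("after: ", lookup(WITH_STATIC, "172.16.11.249"))
```

Every pool address sits inside 172.16.10.0/23, so a LAN host treats the phone as a directly attached neighbour until a more specific route points it at 172.16.11.250.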