Neski
just joined
Topic Author
Posts: 19
Joined: Mon Aug 14, 2017 8:43 am
Location: Poland

MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 10:28 am

Hi, I have an unusual problem with connection.
You can see it in the attached picture.
I have a problem reaching 192.168.10.X from 192.168.20.X without the 192.168.10.246 link connected.
But from 192.168.10.X I can reach 192.168.20.X without the 246 link.
How to set M$2008R2 serv properly? Does anyone have a similar problem?

I have a computer in 192.168.10.X and I can ping 192.168.20.X, but when I have a computer in 192.168.20.X I can't ping 192.168.10.X,
but when I connect 192.168.246 to MT I can reach from 192.168.20.X with no problem.
Last edited by Neski on Mon Aug 14, 2017 1:53 pm, edited 2 times in total.
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 12:16 pm

> I have problem to reach 192.168.10.X from 192.168.20.X without connected 192.168.10.246 Link
> But from 192.168.10.X I can reach 192.168.20.X even without 246 link

This doesn't make sense, first sentence contradicts second... please review your post and try to be more specific...
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 12:45 pm

>> I have problem to reach 192.168.10.X from 192.168.20.X without connected 192.168.10.246 Link
>> But from 192.168.10.X I can reach 192.168.20.X even without 246 link
> This doesn't make sense, first sentence contradicts second... please review your post and try to be more specific...

I'm trying to route two subnets, one behind MikroTik, the second one behind M$Server2008R2.
 
pukkita

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 12:47 pm

Post an export.

Does the MikroTik router have a 192.168.10.x/24 IP address assigned?
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 1:11 pm

> Post an export.
>
> Does the MikroTik router have a 192.168.10.x/24 IP address assigned?

nope
[admin@MikroTik] > /export hide-sensitive 
# aug/14/2017 11:58:13 by RouterOS 6.40.1
# software id = K08Q-QN1P
#
# model = CCR1036-8G-2S+
# serial number = XXXXXXXXX
/interface bridge
add arp=local-proxy-arp name=Bridge-Simple
add arp=local-proxy-arp fast-forward=no name="jedynka do expertisa"
/interface ethernet
set [ find default-name=ether1 ] name="1 RENE"
set [ find default-name=ether2 ] name="2 WMC"
set [ find default-name=ether3 ] name=ether3-1
set [ find default-name=ether4 ] name=ether4-20
set [ find default-name=ether6 ] name=ether6-HAXX
set [ find default-name=ether7 ] name=ether7-VLANY
/interface ovpn-server
add comment="OVPN Simple" name=Simple1 user=Simple1
add name=Simple2 user=Simple2
add name=Simple3 user=Simple3
add name=Simple4 user=Simple4
add name=ovpn-dla-Simple user=Test
add name=ovpn-dla-it user=It
/ip neighbor discovery
set "1 RENE" discover=no
set "2 WMC" discover=no
/interface vlan
add comment=Drukarki interface=ether7-VLANY name=Drukarki vlan-id=20
add comment=Kompy interface=ether7-VLANY name=Kompy vlan-id=10
add comment=Telefony interface=ether7-VLANY name=Telefony vlan-id=30
add comment=Xpertis interface=ether7-VLANY name=Xpertis vlan-id=29
/interface list
add name=WAN
add name=LAN
add name=Simple
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=0s pfs-group=none
/ip pool
add name=dhcp_pool0 ranges=192.168.20.230-192.168.20.250
add name=dhcp_pool1 ranges=192.168.1.21-192.168.1.60
add name=Telefony ranges=192.168.30.2-192.168.30.250
add name=VPN-IT ranges=10.10.10.13-10.10.10.15
/ip dhcp-server
add address-pool=dhcp_pool0 authoritative=after-2sec-delay disabled=no interface=ether4-20 lease-time=12h \
    name=DHCP20
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no interface="jedynka do expertisa" \
    lease-time=12h name=DHCP1
add address-pool=Telefony authoritative=after-2sec-delay disabled=no interface=Telefony lease-time=4h name=\
    Telefony
/ip pool
add name=VPN-SIMPLE next-pool=VPN-IT ranges=10.10.10.10-10.10.10.50
/ppp profile
add dns-server=192.168.10.1,8.8.8.8 local-address=10.10.10.1 name=OVPN remote-address=VPN-SIMPLE \
    use-encryption=required
set *FFFFFFFE local-address=192.168.1.1 remote-address=VPN-SIMPLE
/interface bridge port
add bridge="jedynka do expertisa" interface=ether3-1
add bridge=Bridge-Simple interface=Simple1
add bridge=Bridge-Simple interface=Simple2
add bridge=Bridge-Simple interface=Simple3
add bridge=Bridge-Simple interface=Simple4
add bridge="jedynka do expertisa" interface=Xpertis
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/interface l2tp-server server
set allow-fast-path=yes authentication=mschap1,mschap2 default-profile=OVPN
/interface list member
add interface="1 RENE" list=WAN
add interface="2 WMC" list=WAN
add interface=ether4-20 list=LAN
add interface=ether3-1 list=LAN
add interface=ether6-HAXX list=LAN
add interface=Simple2 list=Simple
add interface=Simple1 list=Simple
add interface=Simple3 list=Simple
add interface=Simple4 list=Simple
add interface=ovpn-dla-Simple list=Simple
/interface ovpn-server server
set auth=sha1 certificate=SERVER cipher=aes256 default-profile=OVPN enabled=yes require-client-certificate=\
    yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=XXX.XXX.XXX.XXX comment=RENE interface="1 RENE" network=XXX.XXX.XXX.XXX
add address=192.168.20.1/24 interface=ether4-20 network=192.168.20.0
add address=YYY.YYY.YYY.YYY comment=WMC interface="2 WMC" network=YYY.YYY.YYY.YYY
add address=192.168.1.1/24 interface="jedynka do expertisa" network=192.168.1.0
add address=192.168.10.246/24 disabled=yes interface=ether6-HAXX network=192.168.10.0
add address=192.168.30.1/24 interface=Telefony network=192.168.30.0
add address=192.168.10.1/24 disabled=yes interface=ether3-1 network=192.168.10.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.20.2 comment=SLICAN mac-address=B0:B3:2B:00:7B:E5 server=DHCP20
add address=192.168.20.21 comment="IBS A-1" mac-address=00:08:7B:0A:B0:3E server=DHCP20
add address=192.168.20.22 comment="IBS A-2" mac-address=00:08:7B:0A:B0:41 server=DHCP20
add address=192.168.20.23 comment="IBS A-3" mac-address=00:08:7B:0A:B0:44 server=DHCP20
add address=192.168.20.24 comment="IBS A-4" mac-address=00:08:7B:0A:B0:3C server=DHCP20
add address=192.168.20.25 comment="IBS A-5" mac-address=00:08:7B:0A:B0:3F server=DHCP20
add address=192.168.20.26 comment="IBS A-6" mac-address=00:08:7B:0A:B0:40 server=DHCP20
add address=192.168.20.27 comment="IBS B-1" mac-address=00:08:7B:0A:B0:45 server=DHCP20
add address=192.168.20.28 comment="IBS B-2" mac-address=00:08:7B:0A:AF:B8 server=DHCP20
add address=192.168.20.29 comment="IBS B-3" mac-address=00:08:7B:0A:AF:C7 server=DHCP20
add address=192.168.20.30 comment="IBS B-4" mac-address=00:08:7B:0A:AF:B7 server=DHCP20
add address=192.168.20.31 comment="IBS B-5" mac-address=00:08:7B:0A:AF:C5 server=DHCP20
add address=192.168.20.32 comment="IBS - B6" mac-address=00:08:7B:0A:AF:C6 server=DHCP20
add address=192.168.20.33 comment="IBS C-1" mac-address=00:08:7B:0A:AF:C8 server=DHCP20
add address=192.168.20.34 comment="IBS C-2" mac-address=00:08:7B:0A:AF:BF server=DHCP20
add address=192.168.20.35 comment="IBS C-3" mac-address=00:08:7B:0A:AF:C2 server=DHCP20
add address=192.168.20.36 comment="IBS C-4" mac-address=00:08:7B:0A:AF:C1 server=DHCP20
add address=192.168.20.37 comment="IBS CNC-1" mac-address=00:08:7B:0A:AF:C4 server=DHCP20
add address=192.168.20.38 comment="IBS E-1" mac-address=00:08:7B:0F:B1:3C server=DHCP20
add address=192.168.20.39 comment="IBS E-2" mac-address=00:08:7B:0F:B1:3F server=DHCP20
add address=192.168.20.40 comment="IBS Y-1-FRONT" mac-address=00:08:7B:10:BB:3C server=DHCP20
add address=192.168.20.41 comment="IBS Y-2-\8CRODEK" mac-address=00:08:7B:10:BB:0F server=DHCP20
add address=192.168.20.42 comment="IBS Y-3-TY\A3" mac-address=00:08:7B:10:BB:67 server=DHCP20
add address=192.168.1.201 comment="XPERTIS TEST" mac-address=00:25:22:71:E6:F2 server=DHCP1
add address=192.168.1.2 mac-address=00:07:E9:30:F0:11 server=DHCP1
add address=192.168.1.3 mac-address=00:04:23:E0:5D:61 server=DHCP1
add address=192.168.1.6 comment=DELL-R510 mac-address=78:2B:CB:4B:A4:C6 server=DHCP1
add address=192.168.1.7 mac-address=00:10:74:61:22:7B server=DHCP1
add address=192.168.1.10 mac-address=60:67:20:6B:BF:24 server=DHCP1
add address=192.168.1.14 mac-address=A0:88:B4:16:E0:84 server=DHCP1
add address=192.168.1.20 mac-address=00:1D:AA:2F:C6:E0 server=DHCP1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
/ip dns
set servers=8.8.8.8,XXX.XXX.XXX.XXX,ZZZ.ZZZ.ZZZ.ZZZ
/ip firewall address-list
add address=192.168.30.2-192.168.30.254 comment="Ip Telefon\F3w podsieci 30 przekierowane na Rene" list=\
    Telefony_na_rene
/ip firewall filter
add action=accept chain=input comment="Zezwolenie na VPN" dst-port=1194 protocol=tcp
add action=accept chain=forward disabled=yes dst-address=192.168.10.0/24 src-address=192.168.20.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.20.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment="Blokowanie wyszukiwania 30 przez 10" dst-address=192.168.30.0/24 \
    src-address=192.168.10.0/24
add action=drop chain=forward comment="Blokowanie wyszukiwania 30 przez 20" dst-address=192.168.30.0/24 \
    src-address=192.168.20.0/24
add action=drop chain=forward comment="Blokowanie wyszukiwania 30 przez 1" dst-address=192.168.30.0/24 \
    src-address=192.168.1.0/24
add action=drop chain=forward comment="Blokowanie 30 dost\EApu do 1" dst-address=192.168.1.0/24 src-address=\
    192.168.30.0/24
add action=drop chain=forward comment="Blokowanie 30 dost\EApu do 10" dst-address=192.168.10.0/24 \
    src-address=192.168.30.0/24
add action=drop chain=forward comment="Blokowanie 30 dost\EApu do 20" dst-address=192.168.20.0/24 \
    src-address=192.168.30.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.10.0/24 src-address=192.168.1.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.20.0/24 src-address=192.168.1.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.1.0/24 src-address=192.168.10.0/24
add action=accept chain=forward dst-address=192.168.1.6 src-address=192.168.10.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.1.0/24 src-address=192.168.20.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.1.6 src-address=192.168.20.0/24
add action=accept chain=forward disabled=yes dst-address=192.168.20.0/24 src-address=192.168.1.6
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=forward disabled=yes dst-address=192.168.10.0/24 src-address=10.10.10.0/24
add action=accept chain=forward disabled=yes dst-address=10.10.10.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment="Simple -> do 730" dst-address=!192.168.10.10 dst-port=!3389 \
    in-interface-list=Simple protocol=tcp
add action=drop chain=forward comment="Simple -> do 730" dst-address=!192.168.10.10 dst-port=!3389 \
    in-interface-list=Simple protocol=udp
add action=drop chain=forward comment="Simple -> do 730" disabled=yes in-interface-list=Simple src-address=\
    !192.168.10.10
add action=drop chain=input comment="Simple -> do 730" disabled=yes in-interface-list=Simple src-address=\
    !192.168.10.10
add action=accept chain=forward dst-address=192.168.10.0/24 src-address=192.168.1.6
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=telefony_rene passthrough=yes src-address=\
    192.168.30.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Telefony Rene -> dost\EAp do internetu (Maskarada)" \
    src-address-list=Telefony_na_rene to-addresses=193.239.126.181
add action=masquerade chain=srcnat comment="WAN1 -> Maskarada" out-interface="1 RENE"
add action=masquerade chain=srcnat comment=WAN2 out-interface="2 WMC"
add action=masquerade chain=srcnat src-address=192.168.20.0/24
add action=masquerade chain=srcnat out-interface="jedynka do expertisa" src-address=192.168.1.0/24
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="Maskarada dla VPN/L2TP" src-address=10.10.10.0/24
add action=dst-nat chain=dstnat comment="XPERTIS R520 5580 RENE " dst-port=5580 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.1.6 to-ports=5580
add action=dst-nat chain=dstnat comment="XPERTIS R520 5580 WMC" dst-port=5580 in-interface="2 WMC" protocol=\
    tcp to-addresses=192.168.1.6 to-ports=5580
add action=dst-nat chain=dstnat comment="IBS WMC" disabled=yes dst-port=13021-13042 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.21-192.168.20.42 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE" disabled=yes dst-port=13021-13042 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.21-192.168.20.42 to-ports=80
add action=dst-nat chain=dstnat comment="RDP SQLTEST" dst-port=14000 in-interface="2 WMC" protocol=tcp \
    to-addresses=192.168.20.220 to-ports=3389
add action=dst-nat chain=dstnat comment="CENTRALA SLICAN" dst-port=5525 in-interface="2 WMC" protocol=tcp \
    to-addresses=192.168.20.2 to-ports=5525
add action=dst-nat chain=dstnat comment="TESTOWY EXPERTIS 80" dst-port=12503 in-interface="2 WMC" protocol=\
    tcp to-addresses=192.168.1.201 to-ports=80
add action=dst-nat chain=dstnat comment=SATEL dst-port=7090 in-interface="2 WMC" protocol=tcp to-addresses=\
    192.168.1.6 to-ports=7090
add action=dst-nat chain=dstnat comment="XPERTIS 80 WEB SERVICE" dst-port=12502 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.1.6 to-ports=12502
add action=dst-nat chain=dstnat comment=RS812+HTTPS dst-port=5001 in-interface="2 WMC" protocol=tcp \
    to-addresses=192.168.1.6 to-ports=5001
add action=dst-nat chain=dstnat comment="RDP TEST EXPERTIS" dst-port=12500 in-interface="2 WMC" protocol=tcp \
    to-addresses=192.168.1.201 to-ports=12500
add action=dst-nat chain=dstnat comment=AXENCE dst-port=4436 in-interface="2 WMC" protocol=tcp to-addresses=\
    192.168.1.6 to-ports=4436
add action=dst-nat chain=dstnat comment="RDP DELL-R520" dst-port=3989 in-interface="2 WMC" protocol=tcp \
    to-addresses=192.168.1.6 to-ports=3989
add action=dst-nat chain=dstnat comment="POE SWITCH" disabled=yes dst-port=13043-13048 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.11-192.168.20.16 to-ports=80
add action=dst-nat chain=dstnat comment="TESTOWY EXPERTIS 5580" dst-port=12501 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.1.201 to-ports=5580
add action=dst-nat chain=dstnat comment="ZEWN\CATRZNE R730" dst-port=12505 in-interface="2 WMC" protocol=tcp \
    to-addresses=192.168.1.6 to-ports=12505
add action=dst-nat chain=dstnat comment="DELL R510 14283 WMC" dst-port=14283 in-interface="2 WMC" protocol=\
    tcp to-addresses=192.168.1.6 to-ports=14283
add action=dst-nat chain=dstnat comment="DELL R510 14283 RENE" dst-port=14283 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.1.6 to-ports=14283
add action=dst-nat chain=dstnat comment="IBS WMC 1" disabled=yes dst-port=13021 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.21 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 2" disabled=yes dst-port=13022 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.22 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 3" disabled=yes dst-port=13023 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.23 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 4" disabled=yes dst-port=13024 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.24 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 5" disabled=yes dst-port=13025 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.25 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 6" disabled=yes dst-port=13026 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.26 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 7" disabled=yes dst-port=13027 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.27 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 8" disabled=yes dst-port=13028 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.28 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 9" disabled=yes dst-port=13029 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.29 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 10" disabled=yes dst-port=13030 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.30 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 11" disabled=yes dst-port=13031 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.31 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 12" disabled=yes dst-port=13032 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.32 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 13" disabled=yes dst-port=13033 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.33 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 14" disabled=yes dst-port=13034 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.34 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 15" disabled=yes dst-port=13035 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.35 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 16" disabled=yes dst-port=13036 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.36 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 17" disabled=yes dst-port=13037 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.37 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 18" disabled=yes dst-port=13038 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.38 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 19" disabled=yes dst-port=13039 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.39 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 20" disabled=yes dst-port=13040 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.40 to-ports=80
add action=dst-nat chain=dstnat comment="IBS WMC 21" disabled=yes dst-port=13041 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.41 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 1" disabled=yes dst-port=13021 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.21 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 2" disabled=yes dst-port=13022 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.22 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 3" disabled=yes dst-port=13023 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.23 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 4" disabled=yes dst-port=13024 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.24 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 5" disabled=yes dst-port=13025 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.25 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 6" disabled=yes dst-port=13026 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.26 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 7" disabled=yes dst-port=13027 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.27 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 8" disabled=yes dst-port=13028 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.28 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 9" disabled=yes dst-port=13029 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.29 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 10" disabled=yes dst-port=13030 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.30 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 11" disabled=yes dst-port=13031 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.31 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 12" disabled=yes dst-port=13032 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.32 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 13" disabled=yes dst-port=13033 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.33 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 14" disabled=yes dst-port=13034 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.34 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 15" disabled=yes dst-port=13035 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.35 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 16" disabled=yes dst-port=13036 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.36 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 17" disabled=yes dst-port=13037 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.37 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 18" disabled=yes dst-port=13038 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.38 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 19" disabled=yes dst-port=13039 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.39 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 20" disabled=yes dst-port=13040 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.40 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 21" disabled=yes dst-port=13041 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.41 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 22" disabled=yes dst-port=13042 in-interface="1 RENE" \
    protocol=tcp to-addresses=192.168.20.42 to-ports=80
add action=dst-nat chain=dstnat comment="IBS RENE 22" disabled=yes dst-port=13042 in-interface="2 WMC" \
    protocol=tcp to-addresses=192.168.20.42 to-ports=80
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp2048 enc-algorithm=aes-256,aes-128,3des exchange-mode=main-l2tp \
    generate-policy=port-override
/ip route
add check-gateway=ping comment="Rene tagowane - telefony" distance=1 gateway=XXX.XXX.XXX.XXX routing-mark=\
    telefony_rene
add check-gateway=ping comment="WMC nie tagowane" distance=1 gateway=YYY.YYY.YYY.YYY
add check-gateway=ping comment="Rene nie tagowane" distance=4 gateway=XXX.XXX.XXX.XXX
add distance=1 dst-address=192.168.10.0/24 gateway=192.168.1.6
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes port=55313
set ssh disabled=yes
set winbox address=0.0.0.0/0 port=55314
/mpls interface
add mpls-mtu=1522
/ppp secret
add name=vpn profile=default-encryption
add name=Test profile=OVPN
add name=It profile=OVPN
add name=Grzegorz profile=OVPN service=ovpn
add name=Simple1 profile=OVPN service=ovpn
add name=Simple2 profile=OVPN service=ovpn
add name=Simple3 profile=OVPN service=ovpn
add name=Simple4 profile=OVPN service=ovpn
/routing rip interface
add send=v1-2
/system clock
set time-zone-name=Europe/Warsaw
/system ntp client
set enabled=yes primary-ntp=80.50.231.226 secondary-ntp=194.29.130.252
#error exporting /system routerboard mode-button
Last edited by Neski on Mon Aug 14, 2017 1:55 pm, edited 1 time in total.
 
pukkita

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 1:17 pm

Then you need to assign one, eg 192.168.10.254/24 on ether interface facing SG500. Any host having just one connection in the 192.168.10.x/24 range will need 192.168.10.254 as default gateway, so you'll need to modify DHCP Server at 192.168.10.1 to hand out 192.168.10.254 as gateway.
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 1:32 pm

> Then you need to assign one, eg 192.168.10.254/24 on ether interface facing SG500. Any host having just one connection in the 192.168.10.x/24 range will need 192.168.10.254 as default gateway, so you'll need to modify DHCP Server at 192.168.10.1 to hand out 192.168.10.254 as gateway.

WinSvr2008R2 and MikroTik are routers.
The MikroTik connection to WinSvr2008R2 is the WAN connection for M$Srv (192.168.1.6).
The link 192.168.10.246 is something we want to remove.
How to fully route MikroTik with M$Svr2008R2?
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 2:41 pm

> Then you need to assign one, eg 192.168.10.254/24 on ether interface facing SG500. Any host having just one connection in the 192.168.10.x/24 range will need 192.168.10.254 as default gateway, so you'll need to modify DHCP Server at 192.168.10.1 to hand out 192.168.10.254 as gateway.

Without the connection from SG500 to MikroTik I have something like this picture... idk why
 
pukkita

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 3:02 pm

I don't know either, where is 192.168.20.2 supposed to be?

I am afraid you need to do some cleanup.

Cannot understand either why the need of the M$ routing at all, you'd better have one single router to act as default gateway for all the network, it will simplify management and avoid routing loops.

For that same reason, optimal DHCP server placement will be the mikrotik.
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 3:12 pm

> I don't know either, where is 192.168.20.2 supposed to be?
>
> I am afraid you need to do some cleanup.
>
> Cannot understand either why the need of the M$ routing at all, you'd better have one single router to act as default gateway for all the network, it will simplify management and avoid routing loops.
>
> For that same reason, optimal DHCP server placement will be the mikrotik.

We bought the MikroTik 2-1 month ago and we are preparing to clean up.
192.168.20.2 is supposed to be connected to the D-Link switch.
We are a little afraid to remove routing from M$ because we don't have a spare domain controller and we don't know how M$ will behave after removing routing and the second network card.
 
pukkita

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting [SOLVED]

Mon Aug 14, 2017 3:21 pm

> We are a little afraid to remove routing from M$ because we don't have a spare domain controller and we don't know how M$ will behave after removing routing and the second network card.

In that case:

1.- Connect M$ 192.168.10.1 ethernet card to a Mikrotik ether port, say etherX
2.- Create a bridge, and add: etherX and the mikrotik ether port being connected to Cisco SG500
3.- Assign 192.168.10.254/24 to that bridge
4.- Modify DHCP server as I specified on previous post regarding DHCP (setting 192.168.10.254 as default gateway).

Doing this all PCs will be able to reach all subnets, as long as the proper gateway is set on them depending on subnet, e.g. if 192.168.20.1, 192.168.1.1 and 192.168.10.254 are assigned on Mikrotik router:

- All Devices (PCs or L3 switches) on 192.168.1.0/24 subnet should have 192.168.1.1 as default gateway
- All Devices (PCs or L3 switches) on 192.168.10.0/24 subnet should have 192.168.10.254 as default gateway
- All Devices (PCs or L3 switches) on 192.168.20.0/24 subnet should have 192.168.20.1 as default gateway
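
The gateway plan from this thread, checked against the relevant lines of the posted export. This is an added example, not part of the original posts: the bridge name `bridge-lan10` and the helper names are hypothetical, and the check assumes RouterOS prefers a connected route over a static route to the same prefix.

```python
import ipaddress
import re

# Constructed sample: the private-address lines of the export posted in this thread
# (redacted WAN entries left out).
EXPORT_AS_POSTED = """\
/ip address
add address=192.168.20.1/24 interface=ether4-20 network=192.168.20.0
add address=192.168.1.1/24 interface="jedynka do expertisa" network=192.168.1.0
add address=192.168.10.246/24 disabled=yes interface=ether6-HAXX network=192.168.10.0
add address=192.168.30.1/24 interface=Telefony network=192.168.30.0
add address=192.168.10.1/24 disabled=yes interface=ether3-1 network=192.168.10.0
/ip route
add distance=1 dst-address=192.168.10.0/24 gateway=192.168.1.6
"""

# Same export after step 3 of the procedure (bridge name is hypothetical).
EXPORT_AFTER_STEP_3 = EXPORT_AS_POSTED.replace(
    "/ip route",
    "add address=192.168.10.254/24 interface=bridge-lan10 network=192.168.10.0\n/ip route",
)

# Default gateways per subnet, as listed at the end of the post above.
PLAN = {
    "192.168.1.0/24": "192.168.1.1",
    "192.168.10.0/24": "192.168.10.254",
    "192.168.20.0/24": "192.168.20.1",
}

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    # RouterOS wraps long lines with a trailing backslash, sometimes mid-token.
    text = re.sub(r"\\\r?\n\s*", "", text)
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            current.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return sections


def enabled(entry):
    return entry.get("disabled") != "yes"


def router_addresses(cfg):
    """Map each connected network to the router's own enabled address in it."""
    owned = {}
    for entry in cfg.get("/ip address", []):
        if not enabled(entry):
            continue
        try:
            iface = ipaddress.ip_interface(entry["address"])
        except ValueError:
            continue  # redacted placeholder such as XXX.XXX.XXX.XXX
        owned[iface.network] = iface.ip
    return owned


def how_router_reaches(cfg, subnet):
    """Return ('connected', router_ip), ('static', gateway) or ('no-specific-route', None)."""
    net = ipaddress.ip_network(subnet)
    for connected, ip in router_addresses(cfg).items():
        if net.subnet_of(connected):
            return ("connected", str(ip))
    matches = []
    for route in cfg.get("/ip route", []):
        if enabled(route) and "dst-address" in route and "routing-mark" not in route:
            dst = ipaddress.ip_network(route["dst-address"])
            if net.subnet_of(dst):
                matches.append((dst.prefixlen, route["gateway"]))
    if matches:
        return ("static", max(matches)[1])  # longest prefix wins
    return ("no-specific-route", None)


def check_gateway_plan(cfg, plan):
    """List every planned default gateway that the router does not actually own."""
    owned = router_addresses(cfg)
    problems = []
    for subnet, gw in plan.items():
        net, gw_ip = ipaddress.ip_network(subnet), ipaddress.ip_address(gw)
        if gw_ip not in net:
            problems.append(f"{gw} is outside {subnet}")
        elif owned.get(net) != gw_ip:
            problems.append(f"{gw} is not an enabled router address in {subnet}")
    return problems


if __name__ == "__main__":
    for label, text in (("as posted", EXPORT_AS_POSTED), ("after step 3", EXPORT_AFTER_STEP_3)):
        cfg = parse_export(text)
        print(label, how_router_reaches(cfg, "192.168.10.0/24"), check_gateway_plan(cfg, PLAN))
```
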
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 3:37 pm

>> We are a little afraid to remove routing from M$ because we don't have a spare domain controller and we don't know how M$ will behave after removing routing and the second network card.
> In that case:
>
> 1.- Connect M$ 192.168.10.1 ethernet card to a Mikrotik ether port, say etherX
> 2.- Create a bridge, and add: etherX and the mikrotik ether port being connected to Cisco SG500
> 3.- Assign 192.168.10.254/24 to that bridge
> 4.- Modify DHCP server as I specified on previous post regarding DHCP (setting 192.168.10.254 as default gateway).
>
> Doing this all PCs will be able to reach all subnets, as long as the proper gateway is set on them depending on subnet, e.g. if 192.168.20.1, 192.168.1.1 and 192.168.10.254 are assigned on Mikrotik router:
>
> - All Devices (PCs or L3 switches) on 192.168.1.0/24 subnet should have 192.168.1.1 as default gateway
> - All Devices (PCs or L3 switches) on 192.168.10.0/24 subnet should have 192.168.10.254 as default gateway
> - All Devices (PCs or L3 switches) on 192.168.20.0/24 subnet should have 192.168.20.1 as default gateway

So you suggest connecting the M$ server with two physical interfaces? Connect from MT->M$ as 192.168.1.6 and from 192.168.10.1 (M$) -> MT?
M$Svr is getting internet from the MT interface 192.168.1.6.
 
pukkita

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 3:46 pm

Yes. You don't want to disable them, do you?

After doing it, you can test by disabling one of the interfaces, more specifically the one with 192.168.1.x/24 addressing, as I assume LAN PCs are in the 192.168.10.x range.

As long as you set the default gateway on M$ as 192.168.10.254 M$ will reach Internet fine. Watch out for any firewall rules.
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Mon Aug 14, 2017 3:52 pm

> Yes. You don't want to disable them, do you?
>
> After doing it, you can test by disabling one of the interfaces, more specifically the one with 192.168.1.x/24 addressing, as I assume LAN PCs are in the 192.168.10.x range.

Yes, LAN PCs are in the 192.168.10.X range. We will test this solution soon.
 
Neski

Re: MT CCR + WinSrv2008R2 as router = problem with properly setting

Wed Aug 23, 2017 8:31 am

> Yes. You don't want to disable them, do you?
>
> After doing it, you can test by disabling one of the interfaces, more specifically the one with 192.168.1.x/24 addressing, as I assume LAN PCs are in the 192.168.10.x range.
>
> As long as you set the default gateway on M$ as 192.168.10.254 M$ will reach Internet fine. Watch out for any firewall rules.

Your comment helped us a lot. It gives us a solution to our problem so we can solve it. Thank you again for the fast answer :)
