Community discussions

 
r1spekt93
just joined
Topic Author
Posts: 4
Joined: Sat Jan 20, 2018 1:51 pm

Establishing VPN trough Mikrotik RB2011iLS-in

Sat Jan 20, 2018 2:05 pm

Hello.
Some time ago decided to replace my home ASUS RTN12 to Mikrotik RB2011iLS-in.
Configiration on Mikrotik - standart. Just local DHCP 192.168.1.101-200 and masquerade to get access from local to internet.

Some times I need to be able to connect from home to my corporate-network from corporate-laptop.
For this there is Cisco VPN-Client installed on Laptop.
So just after I replace my simple ASUS router i faced with problem - I can`t establish VPN-connection trough Mikrotik to access corporate Netwrok.
If I put back ASUS - everything OK, so it isn`t provider issue, it is smth wrong with configuration.
What should to be configured to allow VPN connection from my local 192.168.1.0/24 to corporate-netwrok trough Mikrotik using Cisco VPN client on Laptop.
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Mon Jan 22, 2018 11:08 pm

Does it mean, that you have some Cisco device running VPN server in your corporate network? If so, you probably need to set MikroTik to accept and/or passthrough protocols and/or set up port forwarding to the server.
 
r1spekt93
just joined
Topic Author
Posts: 4
Joined: Sat Jan 20, 2018 1:51 pm

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Tue Jan 23, 2018 8:20 pm

Thank you for your reply.
Yes, there is Cisco firewalls in corporate netwrok.

I have Cisco VPN client on my corporate computer and profile to connect.
Problem that simle ASUS allow to connect to it and my Mikrotik router no.
I understand that smth miss/nonconfigured on Mikrotik.
Could you help to understand which protocols I need to accept or which rule i have to correct or add?

[Admin@RT_209] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.1.0/24
dst-address=0.0.0.0/0 out-interface=Rostelecom log=no log-prefix=""

1 D ;;; upnp 192.168.1.120: 192.168.1.120:9308 to 9308 (UDP)
chain=dstnat action=dst-nat to-addresses=192.168.1.120 to-ports=9308
protocol=udp dst-address=77.51.93.98 in-interface=Rostelecom
dst-port=9308

2 D ;;; upnp 192.168.1.120: EA Tunnel
chain=dstnat action=dst-nat to-addresses=192.168.1.120 to-ports=3659
protocol=udp dst-address=77.51.93.98 in-interface=Rostelecom
dst-port=3659

/ip firewall service-port print
Flags: X - disabled, I - invalid
# NAME PORTS
0 ftp 21
1 tftp 69
2 irc 6667
3 h323
4 sip 5060
5061
5 pptp
6 udplite
7 dccp
8 sctp
 
r1spekt93
just joined
Topic Author
Posts: 4
Joined: Sat Jan 20, 2018 1:51 pm

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Tue Jan 23, 2018 8:44 pm

/ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 Rostelecom 0
1 ADC 192.168.1.0/24 192.168.1.1 BR1-LAN 0
2 ADC 213.140.228.144/32 77.51.93.98 Rostelecom 0
 
r1spekt93
just joined
Topic Author
Posts: 4
Joined: Sat Jan 20, 2018 1:51 pm

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Mon Jan 29, 2018 7:24 pm

Guys, no ideas?

Who is online

Users browsing this forum: No registered users and 40 guests