Page 1 of 1

Establishing VPN trough Mikrotik RB2011iLS-in

Posted: Sat Jan 20, 2018 2:05 pm
by r1spekt93
Some time ago decided to replace my home ASUS RTN12 to Mikrotik RB2011iLS-in.
Configiration on Mikrotik - standart. Just local DHCP and masquerade to get access from local to internet.

Some times I need to be able to connect from home to my corporate-network from corporate-laptop.
For this there is Cisco VPN-Client installed on Laptop.
So just after I replace my simple ASUS router i faced with problem - I can`t establish VPN-connection trough Mikrotik to access corporate Netwrok.
If I put back ASUS - everything OK, so it isn`t provider issue, it is smth wrong with configuration.
What should to be configured to allow VPN connection from my local to corporate-netwrok trough Mikrotik using Cisco VPN client on Laptop.

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Posted: Mon Jan 22, 2018 11:08 pm
by matiaszon
Does it mean, that you have some Cisco device running VPN server in your corporate network? If so, you probably need to set MikroTik to accept and/or passthrough protocols and/or set up port forwarding to the server.

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Posted: Tue Jan 23, 2018 8:20 pm
by r1spekt93
Thank you for your reply.
Yes, there is Cisco firewalls in corporate netwrok.

I have Cisco VPN client on my corporate computer and profile to connect.
Problem that simle ASUS allow to connect to it and my Mikrotik router no.
I understand that smth miss/nonconfigured on Mikrotik.
Could you help to understand which protocols I need to accept or which rule i have to correct or add?

[Admin@RT_209] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=
dst-address= out-interface=Rostelecom log=no log-prefix=""

1 D ;;; upnp to 9308 (UDP)
chain=dstnat action=dst-nat to-addresses= to-ports=9308
protocol=udp dst-address= in-interface=Rostelecom

2 D ;;; upnp EA Tunnel
chain=dstnat action=dst-nat to-addresses= to-ports=3659
protocol=udp dst-address= in-interface=Rostelecom

/ip firewall service-port print
Flags: X - disabled, I - invalid
0 ftp 21
1 tftp 69
2 irc 6667
3 h323
4 sip 5060
5 pptp
6 udplite
7 dccp
8 sctp

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Posted: Tue Jan 23, 2018 8:44 pm
by r1spekt93
/ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS Rostelecom 0
2 ADC Rostelecom 0

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Posted: Mon Jan 29, 2018 7:24 pm
by r1spekt93
Guys, no ideas?