John2k
just joined
Topic Author
Posts: 7
Joined: Thu Feb 28, 2019 6:34 pm

IPSec Tunnel site to Site issue

Fri Jul 23, 2021 12:11 am

Hi
I am trying to configure a site-to-site IPSec tunnel connection. I can see both sites are established (showing in the PH2 State).
Here is the environment:
HQ-A:
Subnet: 192.168.40.0
MK router (RBLtAP-2HnD): 192.168.40.1 (Bridge)
Bridge: ether1 and wlan1
There is a PC connected to ether1 with IP 192.168.40.79
There is a USB LTE modem with static IP connected to USB port. In the interfaces, it shows as lte2.
Firewall-1: Chain: srcnat, src addr: 172.100.40.0/24, dst addr: 192.168.40.0/24, Action: Accept
Firewall-2: Chain: srcnat, Out interface: lte2, Action: Masquerade

HQ-B:
Subnet: 172.100.40.0
Fortinet router (Forti-60E): 172.100.40.1
There is a PC connected to the router: 172.100.40.211

I can see from both sites, the IPSec tunnel is connected.
  • From the MK router (192.168.40.1), it can ping the remote gateway (172.100.40.1) and the PC (172.100.40.211) behind the router.
  • The PC (192.168.40.79) can ping the remote gateway 172.100.40.1 and 172.100.40.211.
  • From the Forti-60E router (172.100.40.1), it can ping the remote gateway (192.168.40.1), but it cannot ping the PC (192.168.40.79).
  • The PC (172.100.40.211) behind the Forti-60E router can ping the router (192.168.40.1), but it cannot ping the PC (192.168.40.79).
What do I need to configure on the MikroTik router to allow 172.100.40.0 to access 192.168.40.0?
At the moment, the PC 172.100.40.211 cannot access 192.168.40.79.
Is there a live view to see incoming packets from 172.100.40.0, port 500?

Please let me know what I need to do.

Thanks,
 
feranmi
just joined
Posts: 14
Joined: Tue Aug 20, 2019 11:11 am
Location: Surulere, Lagos

Re: IPSec Tunnel site to Site issue

Mon Jul 26, 2021 5:13 pm

Basically, the source address configuration on HQ-A should be 192.168.40.0/24, while the destination address should be 172.100.40.0/24.
Do apply this and revert if it works.
 
John2k
just joined
Topic Author
Posts: 7
Joined: Thu Feb 28, 2019 6:34 pm

Re: IPSec Tunnel site to Site issue

Wed Jul 28, 2021 8:29 pm

Sorry for the late reply. I changed the source and destination IP addresses. It did not help; then I found out that Windows 10 has a firewall policy on and the echo back was not enabled. I turned the echo back on, and it is working now. I am able to access the remote PC now.

Thanks for your help.

J.
