frankc
newbie
Topic Author
Posts: 25
Joined: Fri Oct 04, 2013 4:53 pm

traversing ip tunnel

Sat Oct 12, 2013 8:01 pm

I've got an IP tunnel up (IPsec disabled for now) until it works.

I'm trying to connect a tunnel with IPs (10.10.x.x) between devices in locations (computers/printers etc.) to the devices in the HQ network (Server 2008).

Network topology:

MK1 = MikroTik 2011 uas (HQ), default port setup: ether1 upstream, ether 2-3-4-5 bridged to ether2 and 6+switched as master/slave

MKX = MikroTik 951's (satellite offices), port 1 upstream, ether-2-3-4-5 slaved off ether2



Office HQ



Cisco router, 4 ports, all open, no FW, all IPs, all ports connected to upstream

CISCO WAN 70.X.X.41/248

using 70.X.X.43 and .45



CURRENT OPERATIONAL:

I have a network up where all devices in the LAN of HQ are 192.168.1.0/24 or 192.168.2.0/24.

They have a GW of 70.X.X.45.

So as not to break the existing setup, I'm bringing up a network in parallel.



HQ

MK1 WAN 70.X.X.43

LAN 192.168.88.1



officeremote1

MKX WAN 173.X.X.6

LAN 192.168.88.1



I put an IPIP tunnel between HQ and officeremote1.



HQ tunnel1 172.16.1.1

officeremote1 172.16.2.1



I can ping each side.



Then I added IPs:

10.10.1.1/16 to HQ tunnel1 interface

10.10.2.1/24 to officeremote1 tunnel1 interface

I can ping both sides (although sometimes I need to reverse ping (from HQ to remote) for the tunnel to get up... VERY annoying, any way to keep them up?)

On the HQ side I've got a NAS with IP 10.10.1.100 on port ether2.

On office remote I added 10.10.2.2 on the laptop NIC LAN, and 192.168.88.251 as Wi-Fi to be able to work on all this ;)



From officeremote1:

From the laptop I can ping 10.10.1.1.

I cannot ping 10.10.1.100 (route problem?)

nor 10.10.2.2 (laptop).

From the remote router MKX I can ping the HQ 10.10.1.1 MK1 and the NAS 10.10.1.100 behind it,

so the router can traverse.

From HQ router MK1:

I can ping 10.10.2.1 (remote router).

I cannot ping 10.10.2.2 (remote laptop); I get redirect hosts and 100% loss (from 172.16.1.2 and 1.1).





The router at HQ shows:



Dynamic 10.10.0.0/16 tunnel1 reachable

Status 10.10.2.0/24 172.16.2.1 reachable tunnel1



And from remote:



Dynamic 10.10.2.0/24 tunnel1 reachable

Status 10.10.1.0/24 172.16.1.1 reachable tunnel1





I think I need src-nat or something, but I'm not sure, as even when I enable those I get the same results.

Any idea?
