Community discussions

MikroTik App
 
unbkbl
just joined
Topic Author
Posts: 8
Joined: Tue Feb 08, 2011 6:01 pm
Location: Medellin, Colombia

Netwatch to an IP address on the other side of a IPSEC VPN

Tue Feb 08, 2011 6:22 pm

Hi!

My question is simple, I don't know how to make a netwatch rule that verifies an IP address on the other side of a IPSec VPN.

I have a LAN, 192.168.20.0/24 with a mikrotik 192.168.20.254 establishing a IPSec VPN with other mikrotik, 192.168.1.254 in the 192.168.1.0/24 LAN. I want to monitor a PBX in the 192.168.1.0/24 network from the 192.168.20.0/24 network.

How do I change the source address (like you can do in a normal ping "ping 192.168.1.2 src-address=192.168.20.254") of a netwatch so it doesn't appear down in its Status? if I can't change that, there is another way to make a full time ping to that IP address?

Thanks beforehand for any replies.

Daniel.
Voluntas - Fides - Esperantia
 
unbkbl
just joined
Topic Author
Posts: 8
Joined: Tue Feb 08, 2011 6:01 pm
Location: Medellin, Colombia

Re: Netwatch to an IP address on the other side of a IPSEC V

Thu Feb 10, 2011 3:34 pm

Is there at least a script to make a sustained ping through an IPSec tunnel? I just want to keep the tunnel stablished
Voluntas - Fides - Esperantia
 
psamsig
Member Candidate
Member Candidate
Posts: 161
Joined: Sun Dec 06, 2009 1:36 pm
Location: Denmark

Re: Netwatch to an IP address on the other side of a IPSEC V

Thu Feb 10, 2011 10:33 pm

Add a route to 192.168.1.0/24 on you LAN interface

e.g:

/ip route add disabled=no dst-address=192.168.1.0/24 gateway=Lan

that will make Netwatch work
 
unbkbl
just joined
Topic Author
Posts: 8
Joined: Tue Feb 08, 2011 6:01 pm
Location: Medellin, Colombia

Re: Netwatch to an IP address on the other side of a IPSEC V

Fri Feb 11, 2011 5:39 pm

Thanks!!!! It worked just fiiine!
:D
Voluntas - Fides - Esperantia
 
v0latile
just joined
Posts: 1
Joined: Fri Dec 14, 2018 12:22 pm

Re: Netwatch to an IP address on the other side of a IPSEC V

Fri Dec 14, 2018 12:36 pm

Add a route to 192.168.1.0/24 on you LAN interface

e.g:

/ip route add disabled=no dst-address=192.168.1.0/24 gateway=Lan

that will make Netwatch work
It works! but how?
anybody can explain?
 
luddite
just joined
Posts: 21
Joined: Fri Apr 06, 2012 12:09 am

Re: Netwatch to an IP address on the other side of a IPSEC VPN

Thu Mar 21, 2019 10:43 am


It works! but how?
anybody can explain?

I found this puzzling too, it works because your ipsec tunnel has a policy that applies to traffic destined for that address range, but traffic has to be on lan interrface to get picked up by the policy, that route gets traffic for that range onto lan where the policy can apply to it

Who is online

Users browsing this forum: aanjaneyam, Tdaddysimi and 61 guests