andyanthoine
newbie
Topic Author
Posts: 43
Joined: Wed Jun 12, 2013 3:41 am

Routing between VPN

Fri Jun 21, 2013 7:51 am

Hi,

Excuse me, but I would love some help on a problem. I know I'm near the solution but I can't find a way to make it work.

Let me explain my problem

I have 3 distant sites, connected by VPN

SITE N :
Ftp server 192.168.0.5
Mikrotik Router : 192.168.0.1
Local VPN Address : 10.0.0.2 (vpn between S and N)

SITE S :
Mikrotik Router : 192.168.0.251
Local VPN Address : 10.0.0.1 (vpn between S and N)
Cisco : 192.168.0.250 (connecting S to D)

SITE D :
A few FTP servers and other things I need to talk to on 192.168.102.0/24
This one is connected to S via a VPN on a Cisco to site S

What I need is that site N and site D talk to each other, passing through S (since the VPN is on the Cisco between S and D), without making any conflict between S and N, since they are on the same network.

I tried routing / NATing, but I'm making a mistake somewhere :/

I added that to N:
/ip route add disabled=no distance=1 dst-address=192.168.102.0/24 gateway=VpnNtoS scope=30 target-scope=10

and that to S :
/ip route add disabled=no distance=1 dst-address=192.168.102.0/24 gateway=10.0.0.2 pref-src=10.0.0.1 scope=30 target-scope=10

I won't copy you the dst and src NAT I did because I'm pretty sure I made a mistake...

If you can help a bit, I would love it

Regards

Andy
 
Jorbu
just joined
Posts: 23
Joined: Sun Apr 01, 2012 4:23 am

Re: Routing between VPN

Sat Jun 22, 2013 12:42 am

Look at it like this, you have 4 players, they all need to be in the loop:
1) Mikrotik at N
2) Mikrotik at S
3) Cisco at D
4) Whatever you have at D (not mentioned)

This is not correct, as I would need to know what your default gateway is for all your devices on 192.168.0.0/24. However, this should make it work:
For 1 and 2, add:
/ip route add disabled=no distance=1 dst-address=192.168.102.0/24 gateway=192.168.0.250 scope=30 target-scope=10

You're telling all your devices that if you need to get to 192.168.102.0/24, ask the Cisco router @ site S.

I'm fairly certain this will get packets flowing to D, but they are not returning because D doesn't know how to get back to 192.168.0.0/24.


Now, what I think you're missing is site D does not know of the existence of the 192.168.0.0/24 subnet. You will need to tell 4 to send traffic through the Cisco VPN tunnel (or however they are connected) in order to get to S and N.
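
The missing return route described in the reply above, as an added example that is not part of the original thread: a small hop-by-hop route lookup over a constructed model of the four players. The node names (N_mikrotik, S_mikrotik, S_cisco, D_gw) and the host 192.168.102.10 are hypothetical, D is assumed to have no default route, and the model treats 192.168.0.0/24 as N's LAN only, so the address overlap between S and N is not modelled.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from `start`; returns (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(routers[node], dst)
        if hop is None:
            return path, "no route at " + node
        if hop == "local":
            return path, "delivered"
        path.append(hop)
        node = hop
    return path, "loop"

def build(return_route_at_d):
    """Constructed model of the thread's four players (names are hypothetical)."""
    routers = {
        "N_mikrotik": [("192.168.0.0/24", "local"),
                       ("192.168.102.0/24", "S_mikrotik")],   # over the PPTP link
        "S_mikrotik": [("192.168.0.0/24", "N_mikrotik"),      # simplification: N's LAN only
                       ("192.168.102.0/24", "S_cisco")],      # i.e. gateway=192.168.0.250
        "S_cisco":    [("192.168.0.0/24", "S_mikrotik"),
                       ("192.168.102.0/24", "D_gw")],         # Cisco tunnel S to D
        "D_gw":       [("192.168.102.0/24", "local")],        # no route back yet
    }
    if return_route_at_d:
        routers["D_gw"].append(("192.168.0.0/24", "S_cisco"))
    return routers

if __name__ == "__main__":
    for fixed in (False, True):
        r = build(fixed)
        print("return route at D:", fixed)
        print("  request:", trace(r, "N_mikrotik", "192.168.102.10"))
        print("  reply:  ", trace(r, "D_gw", "192.168.0.5"))
```

Without the return route the request is delivered but the reply stops at D, which looks from site N like a timeout rather than a routing error.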
 
andyanthoine
newbie
Topic Author
Posts: 43
Joined: Wed Jun 12, 2013 3:41 am

Re: Routing between VPN

Mon Jun 24, 2013 1:09 am

There isn't any rule blocking FTP traffic, or any drop. What I need is for 192.168.0.5 to communicate with 192.168.102.0/24 without interfering with site S :)

The VPNs are PPTP actually.
