I'll change from ARP to proxy-arp & see if that works. Thanks Original Message: ----------------- From: Chupaka chup...@gmail.com Date: Fri, 1 Jul 2011 14:22:29 +0300 To: mikrotik@mail.butchevans.com Subject: Re: [Mikrotik] VPN issue
Doesn't matter. In case of bridging of your address space to you you will need proxy-arp on external interface too. 2011/7/1 Ronnie Low <r...@rdlow.com> > proxy-arp is already on on the internal interface > > > On 7/1/2011 2:07 AM, Anthony Cacciola wrote: > >> Try turning on proxy-arp on the internal interface >> >> At 11:01 AM 1/07/2011, Ronnie Low wrote: >> >>> I encountered a problem with a VPN after upgrading a 532A 'tik from >>> 2.9.51 to 4.17. The setup is like this: >>> >>> Site A has the Mikrotik 532A with 192.168.49.0/24 as the ip range. This >>> site also has a VPN device that connects to a 3rd party and uses 2 ips >>> 172.109.0.3 & 172.109.0.2 for communications. >>> >>> Site B has a non Mikrotik router with an ip range of 192.168.56.0/24 >>> >>> The setup that worked with 2.9.51 as this: >>> >>> VPN with 3 SA's : 192.168.49.0/24 ----- 192.168.56.0/24 >>> 172.109.0.3----------- 192.168.56.0/24 >>> 172.109.0.2------------192.**168.56.0/24 >>> After upgrading to 3.30, this worked, but I had to add this srcnat on the >>> mikrotik: src address--192.168.49.0/24 dest address 192.168.56.0/24action=accept in order to be able to connect from site A to site B. Before >>> the srcnat, site B was able to connect fine to site A, both send and >>> receive. (I'm pretty sure that all 3 SAs were working) The only problem was >>> that I couldn't connect to anything at site B from site A until I added the >>> srcnat. >>> >>> After upgrading to 4.17, the main SA (192.168.49.0/24 --192.168.56.0/24works fine, but I am unable to receive traffic from 172.109.3 or .2 at site >>> B. >>> I can see the traffic arrive from site B and I can see traffic from >>> 172.109.0.3 going to 192.168.56.0 enter into the mikrotik, but It doesn't >>> make it to site B. >>> >>> I tried adding a srcnat: src address--172.109.0.3 dest address >>> 192.168.56.0/24 action=accept but no traffic hits it. >>> >>> What am I missing? >>> >>> Or should I downgrade back to 3.30? Do you lose the config in a >>> downgrade? >>> >>> Thanks for any suggestions. >>> >>> rlow >>> >>> >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: <http://www.butchevans.com/**pipermail/mikrotik/** >>> attachments/20110630/44bf5996/**attachment.html<http://www.butchevans.com/pi permail/mikrotik/attachments/20110630/44bf5996/attachment.html> >>> > >>> ______________________________**_________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans. com/mailman/listinfo/mikrotik> >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >>> >> >> ______________________________**_________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans. com/mailman/listinfo/mikrotik> >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> >> -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://www.butchevans.com/**pipermail/mikrotik/** > attachments/20110701/96551b02/**attachment.html<http://www.butchevans.com/pi permail/mikrotik/attachments/20110701/96551b02/attachment.html>> > > > ______________________________**_________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans. com/mailman/listinfo/mikrotik> > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20110701/7d747640/ attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -------------------------------------------------------------------- mail2web.com – Enhanced email for the mobile individual based on Microsoft® Exchange - http://link.mail2web.com/Personal/EnhancedEmail _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
