On 02/07/2015 11:36 PM, Chris Gotstein wrote:
Trying to figure out an odd routing issue with a PtP VPN setup. Diagram
Below:
(10.7.65.0 subnet)
|
|
Sonicwall (10.7.65.1)
|
|
Mikrotik RB (10.7.65.2)
|
|
(IPSEC/IPIP VPN)
|
|
Mikrotik RB (172.23.65.1)
|
|
(172.23.65.0 subnet)
Problem I'm having is connecting to devices on the 10.7.65.0 subnet from
the 172.23.65.0 subnet. The problem also happens when you do a PPtP VPN
directly to the 10.7.65.2 router. Running an IP scan from the 10.7.65.2
router shows all the devices on the 10.7.65.0 subnet.

Also, when running an IP scan from the 10.7.65.2 router on the
172.23.65.0 subnet shows every IP address with the same MAC address and
0ms, but does ping the devices correctly.

I am running OSPF between the MT routers. I do not have access to the
Sonicwall device as it's being managed by another company. Any thoughts
would be appreciated.

The issue is LIKELY to be that the devices are using the SW for their
gateway. There are several possible fixes.

1. In the Sonicwall, add a route to 172.23.65.0/24 via the 10.7.65.2
(MT) router. This is a POSSIBLE fix, but there are a couple of ways the
SW can handle this traffic. IF it sends ICMP redirect packets to the
devices on the LAN, then it will NOT work. If, instead, it simply
forwards the packets to the MT, then this should work as expected.

2. You can NAT traffic on the MT going to the LAN. This will work
without question, but, of course, the LAN devices will only get
connections from the 10.7.65.2 IP. Also, the devices on the
10.7.65.0/24 subnet will not be able to initiate a connection to the
172.23.65.0/24 subnet.

3. You can add a route to each of the devices on the LAN. DST subnet
172.23.65.0/24 via gateway 10.7.65.2. This will be a 100% fix but is a
management nightmare.

--
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/
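
The return-path reasoning behind the three fixes above, as an added example that is not part of the original reply: a small longest-prefix-match model using the addresses from the thread. The remote client 172.23.65.10, the baseline routing tables, and the Sonicwall's "WAN" default uplink are constructed assumptions.

```python
import ipaddress

SW, MT = "10.7.65.1", "10.7.65.2"   # Sonicwall and MikroTik LAN addresses (from the thread)
REMOTE = "172.23.65.0/24"           # subnet behind the far MikroTik (from the thread)
REMOTE_HOST = "172.23.65.10"        # constructed sample client on the remote side

# Constructed baseline tables: LAN devices default to the Sonicwall, and the
# Sonicwall's own default route leaves via a hypothetical "WAN" uplink.
HOST_ROUTES = [("10.7.65.0/24", "on-link"), ("0.0.0.0/0", SW)]
SW_ROUTES = [("10.7.65.0/24", "on-link"), ("0.0.0.0/0", "WAN")]

def next_hop(routes, dst):
    """Longest-prefix match: return the gateway of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(host_routes, sw_routes, reply_dst):
    """Hops taken by a LAN device's reply; the Sonicwall re-routes if it is hop one."""
    hops = [next_hop(host_routes, reply_dst)]
    if hops[0] == SW:
        hops.append(next_hop(sw_routes, reply_dst))
    return hops

def scenarios():
    return {
        # No fix: the reply goes to the Sonicwall, which sends it out its default route.
        "unfixed": reply_path(HOST_ROUTES, SW_ROUTES, REMOTE_HOST),
        # Fix 1: Sonicwall route to the remote subnet via the MT. This models the
        # case where the Sonicwall forwards the packet rather than sending a redirect.
        "fix1_sw_route": reply_path(HOST_ROUTES, SW_ROUTES + [(REMOTE, MT)], REMOTE_HOST),
        # Fix 2: NAT on the MT, so the LAN device sees 10.7.65.2 as the peer
        # and answers it directly on the local segment.
        "fix2_nat": reply_path(HOST_ROUTES, SW_ROUTES, MT),
        # Fix 3: static route on each LAN device pointing at the MT.
        "fix3_host_route": reply_path(HOST_ROUTES + [(REMOTE, MT)], SW_ROUTES, REMOTE_HOST),
    }

if __name__ == "__main__":
    for name, hops in scenarios().items():
        print(f"{name:16} reply -> {' -> '.join(hops)}")
```
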