Re: [Mikrotik] VPN Questions
On Mon, 5 May 2008, Mike Hammett wrote:

> Perfect Forward Secrecy they have yes and no.

Mikrotik does not support PFS.

--
Butch Evans                    Professional Network Consultation
Network Engineering            MikroTik RouterOS
573-276-2879                   ImageStream
http://www.butchevans.com/     StarOS and MORE
Mikrotik Certified Consultant  Wired or Wireless Networks
[Mikrotik] VOIP server seeing internal address ?
I've got a customer with a VOIP server (Altigen) inside a Mikrotik router (3.0beta5 for various reasons).

Let's say outside IP is 1.1.1.1 - internal is 192.168.15.1.

All internal phones have 192.168.15.x addresses, remote phones in various places with various IPs.

Remote phone connects to public IP, gets dst-nat'd to 192.168.15.250 (Altigen server IP). They have several publics on this router - we picked one and just dst-nat'd the whole public - internal.

When the phone server gets the connection from the remote IP, it sees 192.168.15.1 as the incoming IP, and it can't talk to the remote phone because the phone server's expecting the public IP (according to the dealer on-site).

No matter what I do, I can't get the public IP to appear on the internal network as the source address. I'm pretty sure that's the way NAT is SUPPOSED to work - but of course they're telling me that Altigen works just fine with every other router in the world and they've never had this problem with sonicwall or ciscos.

What to do? What to do.

R

PS...we do dst-nat'ing on another public, straight to a webserver inhouse, and it works great, although the logs on the server say 192.168.15.1 is requesting the page...
Re: [Mikrotik] VOIP server seeing internal address ?
btw... they're running H323, not SIP...

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik
Re: [Mikrotik] VOIP server seeing internal address ?
On Tue, 6 May 2008, Rick Smith wrote:

> When the phone server gets the connection from the remote IP, it sees 192.168.15.1 as the incoming IP, and it can't talk to the remote phone because the phone server's expecting the public IP (according to the dealer on-site)

This should be correct.

> No matter what I do, I can't get the public IP to appear on the internal network as the source address. I'm pretty sure that's the way NAT is SUPPOSED to work - but of course they're telling me that Altigen works just fine with every other router in the world and they've never had this problem with sonicwall or ciscos

I'd bet you have a rule in src-nat that is affecting this traffic. Just my guess, but I bet you have a rule that looks similar to:

    /ip firewall nat add chain=srcnat action=masquerade

If you export all rules in nat and post them (or private email if you prefer), we can offer further input.

--
Butch Evans
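An added illustration, not part of the thread or of RouterOS: a simplified Python model of the NAT path, showing how a srcnat masquerade rule with no interface match would produce the symptom reported above, and how the same rule behaves when limited to the outside interface. The interface labels `wan` and `lan`, the remote phone address 203.0.113.7 and the internal phone 192.168.15.20 are constructed for the example.

```python
# Simplified model of the NAT path discussed in the thread (not RouterOS code).
from dataclasses import dataclass, replace
from typing import Optional

ROUTER_ADDR = {"wan": "1.1.1.1", "lan": "192.168.15.1"}  # addresses from the thread
SERVER = "192.168.15.250"                                 # Altigen server (thread)
REMOTE_PHONE = "203.0.113.7"                              # constructed sample address
INTERNAL_PHONE = "192.168.15.20"                          # constructed sample address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_if: Optional[str] = None

def dstnat(p):
    """chain=dstnat: forward everything sent to the public IP to the server."""
    return replace(p, dst=SERVER) if p.dst == ROUTER_ADDR["wan"] else p

def route(p):
    """Pick the egress interface: the 192.168.15.0/24 LAN, otherwise the WAN."""
    return replace(p, out_if="lan" if p.dst.startswith("192.168.15.") else "wan")

def srcnat_masquerade(p, out_interface=None):
    """chain=srcnat action=masquerade, optionally limited to one out-interface.
    Masquerade rewrites src to the router's own address on the egress interface."""
    if out_interface is None or p.out_if == out_interface:
        p = replace(p, src=ROUTER_ADDR[p.out_if])
    return p

def traverse(p, masq_out_interface=None):
    # Order matters: dstnat happens before routing, srcnat after it.
    return srcnat_masquerade(route(dstnat(p)), masq_out_interface)

def source_seen_by_server(masq_out_interface=None):
    """Source address the phone server sees for an inbound remote phone."""
    return traverse(Packet(REMOTE_PHONE, ROUTER_ADDR["wan"]), masq_out_interface).src

def source_seen_by_internet(masq_out_interface=None):
    """Source address the outside sees for an internal phone's outbound packet."""
    return traverse(Packet(INTERNAL_PHONE, REMOTE_PHONE), masq_out_interface).src

if __name__ == "__main__":
    print("masquerade, no interface match:", source_seen_by_server())
    print("masquerade, out-interface=wan :", source_seen_by_server("wan"))
    print("outbound, out-interface=wan   :", source_seen_by_internet("wan"))
```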
Re: [Mikrotik] VOIP server seeing internal address ?
I haven't messed with H323 but have SIP and asterisk phone server. I know in that case you have to set both the phone (or it auto detects) for nat and for the phone to use the public ip on their end. On the server you set the entry for that phone for nat also. Maybe that helps some.

Terri Kelley
Network Engineer
254-697-6710

This email message is intended only for the named recipient(s) above, and may contain, together with any attachment(s), confidential information that is privileged. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, copying or distribution of this message and any attachment(s) is strictly prohibited.
Re: [Mikrotik] VOIP server seeing internal address ?
I had something very similar happen a few months ago with SIP. I was using analog phone - Grandstream HT-286 #1 - Linksys router - Internet - Tik Router - Local network with Asterisk server and internal HT-286s.

I ran torch when trying to get adapter #1 to connect to the Asterisk server. The request came into the * server just fine, the response for some reason was trying to leave the internal Tik router network with the internal IP of the #1 adapter. That just does not work. Luckily there was a place to add a STUN server. http://www.freeworlddialup.com/ has a public STUN server you can use. It helped adapter #1 figure out what kind of firewall it was behind along with the public IP of the above Linksys router.

Casey
[Mikrotik] routing a particular src ip
Is there a way to route a particular source/destination ip to a different next hop router rather than the default gateway?

In other words if there is traffic from many IP addresses running through a tik to a default ip. Let's say that 123.123.123.3 needs to default that same direction. But if traffic from 123.123.123.3 is going to 456.456.456.6 then I need to send it on through a different router than the default.

Thanks

Terri Kelley
Network Engineer
254-697-6710