[Mikrotik] 750 as a simple router

All, Am I missing something here. I just want to configure a 750 as a simple router. I ripped out all nat and FW rules and I have set my default 0.0.0.0 route. What else am I missing? -- next part -- An HTML attachment was scrubbed... URL:

Re: [Mikrotik] 750 as a simple router

Yup, It is finally working - sheesh. -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140804/fd572d2e/attachment.html ___ Mikrotik mailing list

[Mikrotik] FTP frustration

-port=3074 in-interface=ether1-gateway protocol=udp to-addresses=192.168.200.93 to-ports=3074 [admin@RB2011UAS-2HnD] /ip firewall nat *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services *An iPass Company* 125 Technology Drive Suite 100

Re: [Mikrotik] FTP frustration

Yes, Its the WAN IP. I believe I still have the default rules in there. I removed the dest address from the rule but still same issue. I keep getting a syn sent in the connections log. *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network

Re: [Mikrotik] FTP frustration

! *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140611/5d5dde95/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http

Re: [Mikrotik] IPSec Trouble

Working? :) *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services *An iPass Company* 125 Technology Drive Suite 100 Irvine, CA 92618 On Mon, Apr 7, 2014 at 11:26 AM, Rick Smith onyx3...@gmail.com wrote: Doylestown = Spoke side

Re: [Mikrotik] IPSec Trouble

Look at your Nat if this is split tunnel. You should nat thru tunnel and masquerade to internet *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services *An iPass Company* 125 Technology Drive Suite 100 Irvine, CA 92618 On Tue, Apr 8

Re: [Mikrotik] IPSec Trouble

Split tunnel means allow traffic destined to the other end to be encrypted and all the remaining traffic defined straight to the internet vs. single tunnel which all traffic is encrypted and sent thru the tunnel to the other side. After I looked at it, you do have split tunnel ;) *Jerry Roy* Sr

Re: [Mikrotik] IPSec Trouble

send an export of the spoke side. Thanks *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140407/898400f2/attachment.html ___ Mikrotik mailing list

Re: [Mikrotik] IPSec Trouble

Looks like the attachment was scrubbed. email to j...@ipass.com, lets see if that will work :) *Jerry* -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140407/3a921920/attachment.html

[Mikrotik] Loopback IPsec termination?

=10.94.64.16/29 dst-port=any ipsec-protocols=esp level=require priority=0 \ proposal=juniper protocol=all sa-dst-address=216.231.x.x sa-src-address=0.0.0.0 src-address=5.1.0.8/32 src-port=any \ tunnel=yes [admin@SVNCHS-xxxcity] Thanks for your input as always. *Jerry Roy* Sr. Systems

Re: [Mikrotik] src-nat fail?

On Fri, Jan 24, 2014 at 4:46 PM, Josh Luthman j...@imaginenetworksllc.comwrote: 162.93.0.0/16 216.231.198.0/24 Only these networks should be allowed. All else denied. *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE -- next part -- An HTML attachment was scrubbed

Re: [Mikrotik] src-nat fail?

Ok, done. Makes sense and clean but how do I create the drop rule? What are we dropping? The only networks I have defined are allowed and my default drop input rule is denying other subnets/IP's that I have attempted access from. Is there something else you are recommending? *Jerry Roy* Sr

Re: [Mikrotik] src-nat fail?

protocol=tcp add action=drop chain=input comment=default configuration disabled=no in-interface=ether1-gateway-static *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik

Re: [Mikrotik] src-nat fail?

to 8443 on the WAN? *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140127/494a18ab/attachment.html

[Mikrotik] src-nat fail?

to-addresses=0.0.0.0 Thanks, *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140124/a2d2421c/attachment.html ___ Mikrotik mailing list Mikrotik

[Mikrotik] Queuing?

=! 192.168.98.0/24\ new-packet-mark=ELSE_OUT out-interface=ether2-master-local passthrough=no *Thanks,* *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20140114/ca65d4e6/attachment.html

[Mikrotik] Hotspot in and out same interface?

Is it possible to configure Hotspot capability on RB750 in and out of the same interface? What I mean is router on a stick *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail

Re: [Mikrotik] Upcoming Training Events

Anyone have free or discounted passes to Wispapalooza? I really want to go to see all the hulabaloo and take an IPv6 Class but its all out of my own pocket. I need to save some money on this trip. Anyone? Thanks in advance for your responses and consideration. *Jerry Roy* Sr. Systems Engineer

Re: [Mikrotik] Upcoming Training Events

as well have a look. $300 is a LOT of money just to be curious. That's 1 night in a good hotel or two in a NTS (Not too shabby) :) *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services *An iPass Company* 125 Technology Drive Suite 100

Re: [Mikrotik] Upcoming Training Events

Thanks Josh, It is very helpful. Much appreciated :) *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services *An iPass Company* 125 Technology Drive Suite 100 Irvine, CA 92618 *Read and share our white paper - *The Next Generation

Re: [Mikrotik] Mikrotik BUG !!

I have tried and it keeps saying wrong password. What are you using for password? *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services *An iPass Company* 125 Technology Drive Suite 100 Irvine, CA 92618 *Read and share our white paper

Re: [Mikrotik] http client from Lan?

could respond to from the terminal to see if I can complete the registration process is https. https://attreg.att.net/CDSLRegWeb/CDSLRegController Now I was going to see if I could proxy my browser thru the MT and respond :) Any ideas on how to do this would be great :) *Jerry Roy* Sr. Systems

[Mikrotik] http client from Lan?

We have 4 att locations that will not encrypt ipsec traffic in both directions. We see traffic from MT to our Juniper Head End bytes increasing under the SA but ZERO bytes increasing coming back. We believe it has to do with an att registration page that was not utilized during the self install by

Re: [Mikrotik] http client from Lan?

the traffic is being denied somewhere else down the link on its way back to the MT. Keep us posted on the Los Angeles training! ;) I sure hope you can fit the IPv6 in at that time as well! *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE 1 949 681 5054 1 562 305 9545 Cell Unity Network Services

Re: [Mikrotik] Is there a way to add a user Account Through Command Prompt on Mikrotik?

Sorry All, Jumped the gun. I see it is under system users via the winbox but just users via the cli. Thanks :) *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik

[Mikrotik] Adding user accounts

disabled=no group=full name=admin password=Jeckle add address= comment=Customer Read Only disabled=no group=read name=csadmin password=hyde Thanks, *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments

Re: [Mikrotik] Automatic config backup

Hi Rick, Your script would be kindly appreciated here as well. Thanks, *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20130206/42ad6d53/attachment.html

Re: [Mikrotik] Best method for mass production

OK, I believe I have an accurate file and commands in the proper order but when I load based on the command steps listed below, the Neighborviewer only shows a 0.0.0.0 IP address. There are no log files on the 750. If I paste the file Line by line, It configures correctly but I have to paste it

Re: [Mikrotik] Best method for mass production

-applied. Is the order of the commands what is causing portions to not be imported? Does anyone have a document that explains what the best order the commands should be in? Any other Ideas? *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http

Re: [Mikrotik] Best method for mass production

only message is: Script file loaded successfullyfailure: pool with such name exists *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121108/a0e1d581/attachment.html

Re: [Mikrotik] Best method for mass production

Was that in a previous e-mail? I may have missed that. Can you resend? *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121108/c56789fa/attachment.html

Re: [Mikrotik] Best method for mass production

I also tried this process and I am directly connected on port 5 to the 750. http://wiki.mikrotik.com/wiki/Manual:Flashfig Does NOT work. Pretty frustrating that just uploading a text file with a complete config can be unsupported by such a power product. Thanks for your help. *Jerry Roy

Re: [Mikrotik] Best method for mass production

but it never reloaded and has zero bytes in the log file. Any help would be greatly appeciated. *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121107/e86a5f84/attachment.html

Re: [Mikrotik] Best method for mass production

rename sanitized-fullconfig.rsc to fullconfig.rsc *Jerry Roy* -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121107/7e473f16/attachment.html -- next part -- A non-text attachment

[Mikrotik] ipsec issue

add interface=ether5-slave-local [admin@CS750-10] *Jerry Roy* Sr. Systems Engineer MTCNA/MTCRE/MTCTCE http://www.ipass.com/ http://www.ipass.com/ 1 949 681 5054 1 562 305 9545 Cell Managed Network Services *An iPass Company* 125 Technology Drive Suite 100 Irvine, CA 92618 *Read and share our

Re: [Mikrotik] ipsec issue

=any tunnel=yes add action=encrypt disabled=no dst-address=10.94.64.16/29 dst-port=any ipsec-protocols=esp level=require priority=0 proposal=\ juniper protocol=all sa-dst-address=216.231.x.x sa-src-address=0.0.0.0 src-address=192.168.100.0/24 src-port=any tunnel=\ yes *Jerry Roy* Sr

Re: [Mikrotik] HP Network Automation Driver

Thanks Josh, I will definitely filter next time :) Jerry -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120925/cfc6068f/attachment.html ___ Mikrotik mailing

[Mikrotik] Ipsec to Loopback Interface?

server. Thanks in advance for your insight *Jerry Roy* Sr. Systems Engineer http://www.ipass.com/ http://www.ipass.com/ 1 949 681 5054 1 562 305 9545 Cell Managed Network Services *An iPass Company* 125 Technology Drive Suite 100 Irvine, CA 92618 *be well connected* *iPass.com/blog* http