Thanks again for your videos, you deserve more subscribers and likes since you are a real network engineer and professional.
Thank you, maybe one day :)
Thanks, you are the best at explaining MikroTik
Thank you for the compliment
For internet access, for example from either router to Facebook, do we need to configure simple NAT also, like we do by applying masquerade in action and chain as source NAT?
Excellent video mate! I did everything you explain in the video but don't get ping, it shows timeout... can you help me please?
Hello sir. I've set up quite a few routers with IPsec tunnels. In RoS v6 I also used to set up a route in the main routing table (dst-address: x.x.x.x, gateway: bridge). I did this so the Dude would have a routing table to fetch its routes from. However, this is failing big time in RoS v7. Instead of doing src-nat as a routing, I've set up 2 "Raw" prerouting rules with no track chain, 1 for each way. That also works like a charm. What do you think about using Raw rules as prerouting?
How to config router default over IPsec?
Android 12/13, mobile internet (NAT) IPv4. How to connect to MikroTik? IPsec, IKEv support?
Thank you Maher.
You're most welcome
Do both routers need a public static IP?
Hello, good day, at least one of the points in question needs to have the private IP with DMZ (NATed private IP). The other one doesn't need it, it's wonderful.
Sir, if the public IP changes, then do we have to do the configuration again and again?
I think you have a problem if the public IP changes; in this type of VPN you need two public IPs, one for R1 and one for R2. The important thing to understand, for me, is the fact that this is a policy-based VPN, not a route-based VPN, so the local subnets are the same as the addresses in the tunnel. I've tried it in GNS and it works; the only thing is, if you have a problem with phase one, you need to repeat the steps from the beginning.
@jpcapobianco1979 thanks
THX:)