Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 2 of 2
  1. #1
    Status
    Offline
    black_3v1L's Avatar
    Baru Gabung
    Join Date
    Jun 2008
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Lokal tidak bisa ping ke VPN

    Salam FMI,

    Mohon bantuan mas" FMI yang baik untuk koneksi dikantor ane
    Ane pake load balance dengan beda ISP, ISP1 menggunakan speedy dengan IP dynamic, dan ISP2 menggunakan nusa dengan IP Static
    Load balance yg ane pake tipe PCC dan sudah terhubung lancar


    Ane udah setup VPN server di mikrotik tujuannya agar user dari kantor cabang dengan line speedy tanpa router bisa terhubung dengan IP lokal dikantor diarahkan ke IP static nusa
    Kondisi sekarang koneksi VPN sudah terhubung lancar, user VPN (192.168.11.0/24) bisa ping ke server VPN mikrotik (192.168.11.254) dan ke IP lokal kantor (192.168.10.0/24)
    Koneksi mikrotik juga lancar ke semua segmen IP, baik ISP1, ISP2, Lokal, begitu juga ke user VPN


    yang jadi kendala IP lokal kantor tidak bisa ping ke user VPN (192.168.11.0/24) tapi ke server VPN mikrotik bisa (192.168.11.254)
    sehingga untuk mengirim file dari lokal ke user VPN gagal.
    Mohon bantuannya suhu" FMI.....


    berikut topologinya, maaf kalau salah topologinya:

    Code:
    ISP 1 -------------------|
    			 |
    			 | LB ___________  mikrotik  _____  LAN
    			 |		     |
    			 |		     |
    ISP 2 -------------------|		     |
    					     |
    				           VPN USER



    konfigurasi yang ane pake :
    NAT :
     
    Code:
    ;;; Masquerade
         chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=MODEM 
     1   chain=srcnat action=masquerade out-interface=NUSANET 
    
     2   ;;; VPN ke lokal
         chain=srcnat action=masquerade src-address=192.168.11.0/24 
         out-interface=LOKAL 
     3   ;;; DNS
         chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53 
     4   chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53


    MANGLE :
     
    Code:
    ;;; winbox
         chain=prerouting action=mark-connection new-connection-mark=winbox 
         passthrough=yes protocol=tcp dst-port=8291 
     1   chain=prerouting action=mark-packet new-packet-mark=winbox passthrough=no 
         connection-mark=winbox 
    
     2   ;;; LB
         chain=input action=mark-connection new-connection-mark=line_nusa 
         passthrough=yes connection-state=new in-interface=NUSANET 
     3   chain=input action=mark-connection new-connection-mark=line_speedy 
         passthrough=yes connection-state=new in-interface=MODEM 
     4   chain=prerouting action=mark-connection new-connection-mark=lb_nusa 
         passthrough=yes dst-address-type=!local in-interface=LOKAL 
         per-connection-classifier=both-addresses-and-ports:2/0 
     5   chain=prerouting action=mark-connection new-connection-mark=lb_speedy 
         passthrough=yes dst-address-type=!local in-interface=LOKAL 
         per-connection-classifier=both-addresses-and-ports:2/1 
     6   chain=output action=mark-routing new-routing-mark=route_nusa passthrough=no 
         connection-mark=line_nusa 
     7   chain=output action=mark-routing new-routing-mark=route_speedy 
         passthrough=no connection-mark=line_speedy 
     8   chain=prerouting action=mark-routing new-routing-mark=route_nusa 
         passthrough=yes in-interface=LOKAL connection-mark=lb_nusa 
     9   chain=prerouting action=mark-routing new-routing-mark=route_speedy 
         passthrough=yes in-interface=LOKAL connection-mark=lb_speedy


    ROUTE :
     
    Code:
    #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
     0 A S  ;;; route LB nusanet
            0.0.0.0/0                          110.232.87.XXX            1
     1 A S  0.0.0.0/0                          192.168.2.1               1
     2 A S  ;;; route LB speedy
            0.0.0.0/0                          192.168.2.1               1
     3   S  0.0.0.0/0                          110.232.87.XXX            2
     4 ADC  110.232.87.XXX/27  110.232.87.XXX  NUSANET                   0
     5 ADC  192.168.1.0/24     192.168.1.253   WiFi                      0
     6 ADC  192.168.2.0/24     192.168.2.2     MODEM                     0
     7 ADC  192.168.10.0/24    192.168.10.254  LOKAL                     0


    Untuk VPN
     
    Code:
    Profile
    # name="default-encryption" local-address=192.168.11.254 remote-address=vpn use-mpls=default use-compression=default 
         use-vj-compression=default use-encryption=required only-one=default change-tcp-mss=yes
    Secret
    # name="VPN" service=pptp caller-id="" password="password" profile=default-encryption local-address=192.168.11.254 remote-address=vpn routes="" limit-bytes-in=0 limit-bytes-out=0


    Mohon petunjuknya kesalahan dari konfigurasi ane diatas, supaya semua koneksi terhubung baik
    sebelumnya terima kasih

  2. #2
    Status
    Offline
    Noeg Waskito's Avatar
    Member Senior
    Join Date
    Aug 2012
    Location
    Jogja
    Posts
    405
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    ip lokal dan ip user VPN jadiin 1 subnet

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [ASK] client tidak bisa ping tapi radio bisa ping keluarrr....
    By monkeydedragon in forum Wireless Networking
    Replies: 3
    Last Post: 19-05-2013, 10:27
  2. [ASK] VPN tidak bisa ping ke jaringan lokal
    By spirit in forum General Networking
    Replies: 1
    Last Post: 01-03-2012, 19:18
  3. [ASK] Tidak Bisa Join 1 Net (DoTa) <--LB+Proxy 3Speedy+1 ISP lokal
    By ryuzu in forum General Networking
    Replies: 2
    Last Post: 30-01-2012, 04:43
  4. [ASK] pptp client tidak bisa masuk ke lan lokal, menggunakan 2 isp
    By faridardian in forum General Networking
    Replies: 1
    Last Post: 22-10-2011, 19:54
  5. Replies: 2
    Last Post: 11-03-2011, 12:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •