Код: Выделить всё
/ip firewall nat
add action=netmap chain=srcnat dst-address=171.45.211.32 src-address=192.168.0.0/16 to-addresses=175.55.188.0/24
Код: Выделить всё
/ip firewall nat
add action=netmap chain=srcnat dst-address=171.45.211.32 src-address=192.168.0.0/16 to-addresses=175.55.188.0/24
Как всегда Chupaka имеет ответы на все вопросы, спасибо!Chupaka писал(а):Всё равно, под какими они адресами пойдут?
Код: Выделить всё
/ip firewall nat add action=netmap chain=srcnat dst-address=171.45.211.32 src-address=192.168.0.0/16 to-addresses=175.55.188.0/24
Код: Выделить всё
[admin@TestPlace] /ip ipsec peer> get 0
address exchange-mode policy-template-group
auth-method generate-policy port
certificate hash-algorithm proposal-check
comment key remote-certificate
compatibility-options lifebytes remote-key
dh-group lifetime responder
disabled local-address secret
dpd-interval mode-config send-initial-contact
dpd-maximum-failures my-id xauth-login
dynamic nat-traversal xauth-password
enc-algorithm passive value-name
Код: Выделить всё
#
/ip ipsec mode-config
add address-pool=ipsec-pool name=cfg1 split-include=192.168.4.0/24,10.2.2.0/24,192.168.89.0/24
/ip ipsec policy group
add name=group1
/ip ipsec proposal
set [ find default=yes ] disabled=yes enc-algorithms=3des
add enc-algorithms=3des name=proposal1
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=3des generate-policy=port-override mode-config=cfg1 nat-traversal=no passive=yes \
policy-template-group=group1 secret=v1rkmbv9ieqc send-initial-contact=no
/ip ipsec policy
set 0 disabled=yes dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add disabled=yes dst-address=192.168.89.0/24 group=group1 proposal=proposal1 src-address=192.168.4.0/24 template=yes
add disabled=yes dst-address=192.168.4.0/24 group=group1 proposal=proposal1 src-address=192.168.89.0/24 template=yes
add dst-address=0.0.0.0/0 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes
Код: Выделить всё
#
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/ip ipsec peer
add address=x.x.x.x/32 generate-policy=port-override mode-config=request-only secret=v1rkmbv9ieqc
Код: Выделить всё
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 10.112.112.128 1
1 ADC 10.112.112.128/32 10.235.196.215 ppp-out1 0
2 ADC 10.255.255.1/32 10.255.255.1 loopback 0
3 A S 192.168.4.0/24 192.168.89.115 192.168.89.1 1
4 ADC 192.168.78.0/24 192.168.78.1 bridge-local 0
5 ADC 192.168.89.0/24 192.168.89.115 ppp-out1 0
Код: Выделить всё
[admin@MikroTik] > ping 192.168.4.9
SEQ HOST SIZE TTL TIME STATUS
0 192.168.4.9 56 127 82ms
1 192.168.4.9 56 127 87ms
2 192.168.4.9 56 127 87ms
3 192.168.4.9 56 127 85ms
4 192.168.4.9 56 127 86ms
sent=5 received=5 packet-loss=0% min-rtt=82ms avg-rtt=85ms max-rtt=87ms