?
Solved

Limited access to local network for VPN users

Posted on 2008-09-30
8
Medium Priority
?
1,139 Views
Last Modified: 2012-05-05
I have set up a VPN tunnel for users to connect using the Cisco VPN Client v5.0
-Phase 1  authentication via certificates
-Phase 2 authentication with LDAP protocol (using Microsoft active directory).

Till there setup is successful.  The problem is that now users will have FULL access to the internal network and I don't want this.  

What I have tried to do is to create an access-list for the vpn users and applied it to the dynamic crypto map.  Once I issued this command the VPN failed to connect.  phase 1 and phase 2 complete successfully but immediately after the SA is destroyed and the connection drops.  I get the attached error.

command:
 crypto dynamic-map outside_dyn_map 50 match address vpn_client_access

where vpn_client_access is the name of the access-list

Any clues?
Is there another method to implement this?
1635   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO) from 1.1.1.1
 
1636   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 1.1.1.1
 
1637   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=C75EF835
 
1638   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=0A974FDFEE219F0E R_Cookie=81EFBD25A20F09F7) reason = DEL_REASON_IKE_NEG_FAILED
 
1639   14:56:07.248  09/25/08  Sev=Info/5       IKE/0x6300002F
Received ISAKMP packet: peer = 1.1.1.1
 
1640   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000058
Received an ISAKMP message for a non-active SA, I_Cookie=0A974FDFEE219F0E R_Cookie=81EFBD25A20F09F7
 
1641   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 1.1.1.1
 
1642   14:56:07.436  09/25/08  Sev=Info/4       IPSEC/0x63700014
Deleted all keys
 
1643   14:56:10.436  09/25/08  Sev=Info/4       IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=0A974FDFEE219F0E R_Cookie=81EFBD25A20F09F7) reason = DEL_REASON_IKE_NEG_FAILED
 
1644   14:56:10.436  09/25/08  Sev=Info/4       CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

Open in new window

0
Comment
Question by:ixarissysadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22612443
I don't know a lot about VPN, but tell me one thing:
Have you ensured that the server that you want the VPN users to access, is not blocked by your access-list?

Cheers
0
 

Author Comment

by:ixarissysadmin
ID: 22612541
yes!

the problem is that when I use the command:

 crypto dynamic-map outside_dyn_map 50 match address vpn_client_access

the vpn client does not connect!!
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22612745
Hi,

Can you post the router config? (sanitized of course)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ixarissysadmin
ID: 22612792
I can give you the configuration of the vpn client .. see attached
access-list NoNAT_vpn_WAN extended permit ip 192.168.0.0 255.255.255.0 10.0.250.0 255.255.255.192
access-list NoNAT_vpn_WAN extended permit ip 10.0.0.0 255.255.254.0 10.0.250.0 255.255.255.192
 
 
access-list dynmap_vpnclient extended permit ip 10.0.250.0 255.255.255.192 10.1.0.0 255.255.0.0
access-list dynmap_vpnclient extended permit ip 10.0.250.0 255.255.255.192 192.168.1.0 255.255.255.0
 
nat (users) 0 access-list NoNAT_vpn_WAN
 
 
ip local pool vpnpool 10.0.250.1-10.0.250.62 mask 255.255.255.192
 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address dynmap_vpnclient
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map WAN 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map WAN interface outside
 
crypto isakmp enable outside
 
crypto isakmp policy 65535
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol IPSec
group-policy allow-vpn-access internal
group-policy allow-vpn-access attributes
 banner value Welcome! You are logged in as a VPN user :)
 dns-server value 192.168.0.10
 vpn-simultaneous-logins 1
 vpn-tunnel-protocol IPSec
 default-domain value xxxxx.com
 
 
tunnel-group DefaultRAGroup general-attributes    
 address-pool vpnpool                             
 authentication-server-group ldap_server_grp LOCAL
 default-group-policy NOACCESS                    
tunnel-group DefaultRAGroup ipsec-attributes      
 trust-point client-vpn                           

Open in new window

0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22613199
can you throw some light on the following two lines from the configuration?

access-list NoNAT_vpn_WAN extended permit ip 192.168.0.0 255.255.255.0 10.0.250.0 255.255.255.192

dns-server value 192.168.0.10

Cheers
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22613263
Also, can you attach some part of the log before the one you have posted in the original question?
0
 

Author Comment

by:ixarissysadmin
ID: 22613896
regarding the first question:
traffic sourced from the internal network to the VPN pool is not NAT'd via nat0 ACLs

Attached is the whole log:

x.x.x.x is the firewall extenal ip
183    15:16:06.093  10/01/08  Sev=Info/6	CERT/0x63600025
Attempting to find a Certificate using Serial Hash.
 
184    15:16:06.093  10/01/08  Sev=Info/6	CERT/0x63600026
Found a Certificate using Serial Hash.
 
185    15:16:06.140  10/01/08  Sev=Info/4	CM/0x63100002
Begin connection process
 
186    15:16:06.109  10/01/08  Sev=Info/6	CERT/0x63600025
Attempting to find a Certificate using Serial Hash.
 
187    15:16:06.140  10/01/08  Sev=Info/4	CM/0x63100004
Establish secure connection
 
188    15:16:06.109  10/01/08  Sev=Info/6	CERT/0x63600026
Found a Certificate using Serial Hash.
 
189    15:16:06.140  10/01/08  Sev=Info/4	CM/0x63100024
Attempt connection with server "x.x.x.x"
 
190    15:16:06.109  10/01/08  Sev=Info/6	CERT/0x63600025
Attempting to find a Certificate using Serial Hash.
 
191    15:16:06.140  10/01/08  Sev=Info/6	IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
 
192    15:16:06.125  10/01/08  Sev=Info/6	CERT/0x63600026
Found a Certificate using Serial Hash.
 
193    15:16:06.156  10/01/08  Sev=Info/6	CERT/0x63600025
Attempting to find a Certificate using Serial Hash.
 
194    15:16:06.125  10/01/08  Sev=Info/4	CERT/0x63600015
Cert (cn=Denise Vassallo,cn=Users,dc=casaroma,dc=ixaris,dc=com) verification succeeded.
 
195    15:16:06.156  10/01/08  Sev=Info/6	CERT/0x63600026
Found a Certificate using Serial Hash.
 
196    15:16:06.187  10/01/08  Sev=Info/4	CERT/0x63600015
Cert (cn=Denise Vassallo,cn=Users,dc=casaroma,dc=ixaris,dc=com) verification succeeded.
 
197    15:16:06.187  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
 
198    15:16:06.484  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
199    15:16:06.484  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (SA, VID(Nat-T), VID(Frag)) from x.x.x.x
 
200    15:16:06.500  10/01/08  Sev=Info/5	IKE/0x63000001
Peer supports NAT-T
 
201    15:16:06.500  10/01/08  Sev=Info/5	IKE/0x63000001
Peer supports IKE fragmentation payloads
 
202    15:16:06.500  10/01/08  Sev=Info/6	IKE/0x63000001
IOS Vendor ID Contruction successful
 
203    15:16:06.500  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (KE, NON, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
 
204    15:16:06.546  10/01/08  Sev=Info/4	IPSEC/0x63700008
IPSec driver successfully started
 
205    15:16:06.546  10/01/08  Sev=Info/4	IPSEC/0x63700014
Deleted all keys
 
206    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
207    15:16:06.656  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (KE, NON, CERT_REQ, VID(Unity), VID(Xauth), VID(?), VID(?), NAT-D, NAT-D) from x.x.x.x
 
208    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x63000001
Peer is a Cisco-Unity compliant peer
 
209    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x63000001
Peer supports XAUTH
 
210    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x20000001
 
211    15:16:06.687  10/01/08  Sev=Info/4	CERT/0x6360001B
No smart card readers with cards inserted found.
 
212    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_INITIAL_CONTACT) to x.x.x.x
 
213    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 
214    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 
215    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 
216    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 
217    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 
218    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
219    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 
220    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
221    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 
222    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
223    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 
224    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
225    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 
226    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x63000073
All fragments received.
 
227    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM *(ID, CERT, SIG, VID(dpd)) from x.x.x.x
 
228    15:16:07.500  10/01/08  Sev=Info/4	CERT/0x63600015
Cert (1.2.840.113549.1.9.2=#13196d742d66772d6661696c6f7665722e6978617269732e636f6d) verification succeeded.
 
229    15:16:07.500  10/01/08  Sev=Info/5	IKE/0x63000001
Peer supports DPD
 
230    15:16:07.500  10/01/08  Sev=Info/4	IKE/0x63000083
IKE Port in use - Local Port =  0x0D79, Remote Port = 0x01F4
 
231    15:16:07.500  10/01/08  Sev=Info/5	IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end is NOT behind a NAT device
 
232    15:16:07.500  10/01/08  Sev=Info/4	CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 
233    15:16:08.437  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
234    15:16:08.437  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
 
235    15:16:08.437  10/01/08  Sev=Info/4	CM/0x63100015
Launch xAuth application
 
236    15:16:12.187  10/01/08  Sev=Info/4	CM/0x63100017
xAuth application returned
 
237    15:16:12.187  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
 
238    15:16:12.390  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
239    15:16:12.390  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
 
240    15:16:12.390  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
 
241    15:16:12.390  10/01/08  Sev=Info/4	CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
 
242    15:16:12.406  10/01/08  Sev=Info/5	IKE/0x6300005E
Client sending a firewall request to concentrator
 
243    15:16:12.406  10/01/08  Sev=Info/5	IKE/0x6300005D
Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).
 
244    15:16:12.421  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
 
245    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
246    15:16:12.593  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
 
247    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.0.250.1
 
248    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.192
 
249    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = Welcome! You are logged in as a VPN user :)
 
 
250    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
 
251    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = ixaris.com
 
252    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
 
253    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5510 Version 8.0(3) built by builders on Tue 06-Nov-07 22:59
 
254    15:16:12.593  10/01/08  Sev=Info/4	CM/0x63100019
Mode Config data received
 
255    15:16:12.609  10/01/08  Sev=Info/4	IKE/0x63000056
Received a key request from Driver: Local IP = 10.0.250.1, GW IP = x.x.x.x, Remote IP = 0.0.0.0
 
256    15:16:12.609  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x
 
257    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
258    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
 
259    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
 
260    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x63000047
This SA has already been alive for 6 seconds, setting expiry to 86394 seconds from now
 
261    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
262    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (FRAG) from x.x.x.x
 
263    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
264    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (FRAG) from x.x.x.x
 
265    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
266    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO (FRAG) from x.x.x.x
 
267    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x63000073
All fragments received.
 
268    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO) from x.x.x.x
 
269    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.x
 
270    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=061B7BAC
 
271    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=79A4461E7FE9AE6A R_Cookie=A7AFB87AAA5FFD0C) reason = DEL_REASON_IKE_NEG_FAILED
 
272    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
 
273    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000058
Received an ISAKMP message for a non-active SA, I_Cookie=79A4461E7FE9AE6A R_Cookie=A7AFB87AAA5FFD0C
 
274    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Dropped) from x.x.x.x
 
275    15:16:13.046  10/01/08  Sev=Info/4	IPSEC/0x63700014
Deleted all keys
 
276    15:16:16.046  10/01/08  Sev=Info/4	IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=79A4461E7FE9AE6A R_Cookie=A7AFB87AAA5FFD0C) reason = DEL_REASON_IKE_NEG_FAILED
 
277    15:16:16.046  10/01/08  Sev=Info/4	CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 
278    15:16:16.046  10/01/08  Sev=Info/5	CM/0x63100025
Initializing CVPNDrv
 
279    15:16:16.046  10/01/08  Sev=Info/6	CM/0x63100046
Set tunnel established flag in registry to 0.
 
280    15:16:16.046  10/01/08  Sev=Info/4	IKE/0x63000001
IKE received signal to terminate VPN connection
 
281    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x63700014
Deleted all keys
 
282    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x63700014
Deleted all keys
 
283    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x63700014
Deleted all keys
 
284    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x6370000A
IPSec driver successfully stopped

Open in new window

0
 

Accepted Solution

by:
ixarissysadmin earned 0 total points
ID: 22632017
Problem has been solved.  The above should be done using the command in the group-policy::

vpn-filter value access-list-name
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question