Solved

Limited access to local network for VPN users

Posted on 2008-09-30
8
1,110 Views
Last Modified: 2012-05-05
I have set up a VPN tunnel for users to connect using the Cisco VPN Client v5.0
-Phase 1  authentication via certificates
-Phase 2 authentication with LDAP protocol (using Microsoft active directory).

Till there setup is successful.  The problem is that now users will have FULL access to the internal network and I don't want this.  

What I have tried to do is to create an access-list for the vpn users and applied it to the dynamic crypto map.  Once I issued this command the VPN failed to connect.  phase 1 and phase 2 complete successfully but immediately after the SA is destroyed and the connection drops.  I get the attached error.

command:
 crypto dynamic-map outside_dyn_map 50 match address vpn_client_access

where vpn_client_access is the name of the access-list

Any clues?
Is there another method to implement this?
1635   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO) from 1.1.1.1

 

1636   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 1.1.1.1

 

1637   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000049

Discarding IPsec SA negotiation, MsgID=C75EF835

 

1638   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000017

Marking IKE SA for deletion  (I_Cookie=0A974FDFEE219F0E R_Cookie=81EFBD25A20F09F7) reason = DEL_REASON_IKE_NEG_FAILED

 

1639   14:56:07.248  09/25/08  Sev=Info/5       IKE/0x6300002F

Received ISAKMP packet: peer = 1.1.1.1

 

1640   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000058

Received an ISAKMP message for a non-active SA, I_Cookie=0A974FDFEE219F0E R_Cookie=81EFBD25A20F09F7

 

1641   14:56:07.248  09/25/08  Sev=Info/4       IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 1.1.1.1

 

1642   14:56:07.436  09/25/08  Sev=Info/4       IPSEC/0x63700014

Deleted all keys

 

1643   14:56:10.436  09/25/08  Sev=Info/4       IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=0A974FDFEE219F0E R_Cookie=81EFBD25A20F09F7) reason = DEL_REASON_IKE_NEG_FAILED

 

1644   14:56:10.436  09/25/08  Sev=Info/4       CM/0x63100012

Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

Open in new window

0
Comment
Question by:ixarissysadmin
  • 4
  • 4
8 Comments
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22612443
I don't know a lot about VPN, but tell me one thing:
Have you ensured that the server that you want the VPN users to access, is not blocked by your access-list?

Cheers
0
 

Author Comment

by:ixarissysadmin
ID: 22612541
yes!

the problem is that when I use the command:

 crypto dynamic-map outside_dyn_map 50 match address vpn_client_access

the vpn client does not connect!!
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22612745
Hi,

Can you post the router config? (sanitized of course)
0
 

Author Comment

by:ixarissysadmin
ID: 22612792
I can give you the configuration of the vpn client .. see attached
access-list NoNAT_vpn_WAN extended permit ip 192.168.0.0 255.255.255.0 10.0.250.0 255.255.255.192

access-list NoNAT_vpn_WAN extended permit ip 10.0.0.0 255.255.254.0 10.0.250.0 255.255.255.192
 
 

access-list dynmap_vpnclient extended permit ip 10.0.250.0 255.255.255.192 10.1.0.0 255.255.0.0

access-list dynmap_vpnclient extended permit ip 10.0.250.0 255.255.255.192 192.168.1.0 255.255.255.0
 

nat (users) 0 access-list NoNAT_vpn_WAN
 

 

ip local pool vpnpool 10.0.250.1-10.0.250.62 mask 255.255.255.192

 

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 match address dynmap_vpnclient

crypto dynamic-map outside_dyn_map 20 set pfs

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map WAN 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map WAN interface outside

 

crypto isakmp enable outside

 

crypto isakmp policy 65535

 authentication rsa-sig

 encryption 3des

 hash sha

 group 2

 lifetime 86400

 

group-policy NOACCESS internal

group-policy NOACCESS attributes

 vpn-simultaneous-logins 0

 vpn-tunnel-protocol IPSec

group-policy allow-vpn-access internal

group-policy allow-vpn-access attributes

 banner value Welcome! You are logged in as a VPN user :)

 dns-server value 192.168.0.10

 vpn-simultaneous-logins 1

 vpn-tunnel-protocol IPSec

 default-domain value xxxxx.com

 

 

tunnel-group DefaultRAGroup general-attributes    

 address-pool vpnpool                             

 authentication-server-group ldap_server_grp LOCAL

 default-group-policy NOACCESS                    

tunnel-group DefaultRAGroup ipsec-attributes      

 trust-point client-vpn                           

Open in new window

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 12

Expert Comment

by:sarangk_14
ID: 22613199
can you throw some light on the following two lines from the configuration?

access-list NoNAT_vpn_WAN extended permit ip 192.168.0.0 255.255.255.0 10.0.250.0 255.255.255.192

dns-server value 192.168.0.10

Cheers
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 22613263
Also, can you attach some part of the log before the one you have posted in the original question?
0
 

Author Comment

by:ixarissysadmin
ID: 22613896
regarding the first question:
traffic sourced from the internal network to the VPN pool is not NAT'd via nat0 ACLs

Attached is the whole log:

x.x.x.x is the firewall extenal ip
183    15:16:06.093  10/01/08  Sev=Info/6	CERT/0x63600025

Attempting to find a Certificate using Serial Hash.
 

184    15:16:06.093  10/01/08  Sev=Info/6	CERT/0x63600026

Found a Certificate using Serial Hash.
 

185    15:16:06.140  10/01/08  Sev=Info/4	CM/0x63100002

Begin connection process
 

186    15:16:06.109  10/01/08  Sev=Info/6	CERT/0x63600025

Attempting to find a Certificate using Serial Hash.
 

187    15:16:06.140  10/01/08  Sev=Info/4	CM/0x63100004

Establish secure connection
 

188    15:16:06.109  10/01/08  Sev=Info/6	CERT/0x63600026

Found a Certificate using Serial Hash.
 

189    15:16:06.140  10/01/08  Sev=Info/4	CM/0x63100024

Attempt connection with server "x.x.x.x"
 

190    15:16:06.109  10/01/08  Sev=Info/6	CERT/0x63600025

Attempting to find a Certificate using Serial Hash.
 

191    15:16:06.140  10/01/08  Sev=Info/6	IKE/0x6300003B

Attempting to establish a connection with x.x.x.x.
 

192    15:16:06.125  10/01/08  Sev=Info/6	CERT/0x63600026

Found a Certificate using Serial Hash.
 

193    15:16:06.156  10/01/08  Sev=Info/6	CERT/0x63600025

Attempting to find a Certificate using Serial Hash.
 

194    15:16:06.125  10/01/08  Sev=Info/4	CERT/0x63600015

Cert (cn=Denise Vassallo,cn=Users,dc=casaroma,dc=ixaris,dc=com) verification succeeded.
 

195    15:16:06.156  10/01/08  Sev=Info/6	CERT/0x63600026

Found a Certificate using Serial Hash.
 

196    15:16:06.187  10/01/08  Sev=Info/4	CERT/0x63600015

Cert (cn=Denise Vassallo,cn=Users,dc=casaroma,dc=ixaris,dc=com) verification succeeded.
 

197    15:16:06.187  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
 

198    15:16:06.484  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

199    15:16:06.484  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM (SA, VID(Nat-T), VID(Frag)) from x.x.x.x
 

200    15:16:06.500  10/01/08  Sev=Info/5	IKE/0x63000001

Peer supports NAT-T
 

201    15:16:06.500  10/01/08  Sev=Info/5	IKE/0x63000001

Peer supports IKE fragmentation payloads
 

202    15:16:06.500  10/01/08  Sev=Info/6	IKE/0x63000001

IOS Vendor ID Contruction successful
 

203    15:16:06.500  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (KE, NON, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
 

204    15:16:06.546  10/01/08  Sev=Info/4	IPSEC/0x63700008

IPSec driver successfully started
 

205    15:16:06.546  10/01/08  Sev=Info/4	IPSEC/0x63700014

Deleted all keys
 

206    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

207    15:16:06.656  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM (KE, NON, CERT_REQ, VID(Unity), VID(Xauth), VID(?), VID(?), NAT-D, NAT-D) from x.x.x.x
 

208    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x63000001

Peer is a Cisco-Unity compliant peer
 

209    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x63000001

Peer supports XAUTH
 

210    15:16:06.656  10/01/08  Sev=Info/5	IKE/0x63000082

Received IOS Vendor ID with unknown capabilities flag 0x20000001
 

211    15:16:06.687  10/01/08  Sev=Info/4	CERT/0x6360001B

No smart card readers with cards inserted found.
 

212    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_INITIAL_CONTACT) to x.x.x.x
 

213    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 

214    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 

215    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 

216    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 

217    15:16:06.734  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK MM (FRAG) to x.x.x.x
 

218    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

219    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 

220    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

221    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 

222    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

223    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 

224    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

225    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM (FRAG) from x.x.x.x
 

226    15:16:07.484  10/01/08  Sev=Info/5	IKE/0x63000073

All fragments received.
 

227    15:16:07.484  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK MM *(ID, CERT, SIG, VID(dpd)) from x.x.x.x
 

228    15:16:07.500  10/01/08  Sev=Info/4	CERT/0x63600015

Cert (1.2.840.113549.1.9.2=#13196d742d66772d6661696c6f7665722e6978617269732e636f6d) verification succeeded.
 

229    15:16:07.500  10/01/08  Sev=Info/5	IKE/0x63000001

Peer supports DPD
 

230    15:16:07.500  10/01/08  Sev=Info/4	IKE/0x63000083

IKE Port in use - Local Port =  0x0D79, Remote Port = 0x01F4
 

231    15:16:07.500  10/01/08  Sev=Info/5	IKE/0x63000072

Automatic NAT Detection Status:

   Remote end is NOT behind a NAT device

   This   end is NOT behind a NAT device
 

232    15:16:07.500  10/01/08  Sev=Info/4	CM/0x6310000E

Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 

233    15:16:08.437  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

234    15:16:08.437  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
 

235    15:16:08.437  10/01/08  Sev=Info/4	CM/0x63100015

Launch xAuth application
 

236    15:16:12.187  10/01/08  Sev=Info/4	CM/0x63100017

xAuth application returned
 

237    15:16:12.187  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
 

238    15:16:12.390  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

239    15:16:12.390  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
 

240    15:16:12.390  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
 

241    15:16:12.390  10/01/08  Sev=Info/4	CM/0x6310000E

Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
 

242    15:16:12.406  10/01/08  Sev=Info/5	IKE/0x6300005E

Client sending a firewall request to concentrator
 

243    15:16:12.406  10/01/08  Sev=Info/5	IKE/0x6300005D

Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).
 

244    15:16:12.421  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
 

245    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

246    15:16:12.593  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
 

247    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.0.250.1
 

248    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.192
 

249    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000E

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = Welcome! You are logged in as a VPN user :)
 
 

250    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
 

251    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000E

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = ixaris.com
 

252    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
 

253    15:16:12.593  10/01/08  Sev=Info/5	IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5510 Version 8.0(3) built by builders on Tue 06-Nov-07 22:59
 

254    15:16:12.593  10/01/08  Sev=Info/4	CM/0x63100019

Mode Config data received
 

255    15:16:12.609  10/01/08  Sev=Info/4	IKE/0x63000056

Received a key request from Driver: Local IP = 10.0.250.1, GW IP = x.x.x.x, Remote IP = 0.0.0.0
 

256    15:16:12.609  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to x.x.x.x
 

257    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

258    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
 

259    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x63000045

RESPONDER-LIFETIME notify has value of 86400 seconds
 

260    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x63000047

This SA has already been alive for 6 seconds, setting expiry to 86394 seconds from now
 

261    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

262    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO (FRAG) from x.x.x.x
 

263    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

264    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO (FRAG) from x.x.x.x
 

265    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

266    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO (FRAG) from x.x.x.x
 

267    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x63000073

All fragments received.
 

268    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO) from x.x.x.x
 

269    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.x
 

270    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000049

Discarding IPsec SA negotiation, MsgID=061B7BAC
 

271    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000017

Marking IKE SA for deletion  (I_Cookie=79A4461E7FE9AE6A R_Cookie=A7AFB87AAA5FFD0C) reason = DEL_REASON_IKE_NEG_FAILED
 

272    15:16:12.890  10/01/08  Sev=Info/5	IKE/0x6300002F

Received ISAKMP packet: peer = x.x.x.x
 

273    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000058

Received an ISAKMP message for a non-active SA, I_Cookie=79A4461E7FE9AE6A R_Cookie=A7AFB87AAA5FFD0C
 

274    15:16:12.890  10/01/08  Sev=Info/4	IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(Dropped) from x.x.x.x
 

275    15:16:13.046  10/01/08  Sev=Info/4	IPSEC/0x63700014

Deleted all keys
 

276    15:16:16.046  10/01/08  Sev=Info/4	IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=79A4461E7FE9AE6A R_Cookie=A7AFB87AAA5FFD0C) reason = DEL_REASON_IKE_NEG_FAILED
 

277    15:16:16.046  10/01/08  Sev=Info/4	CM/0x63100012

Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 

278    15:16:16.046  10/01/08  Sev=Info/5	CM/0x63100025

Initializing CVPNDrv
 

279    15:16:16.046  10/01/08  Sev=Info/6	CM/0x63100046

Set tunnel established flag in registry to 0.
 

280    15:16:16.046  10/01/08  Sev=Info/4	IKE/0x63000001

IKE received signal to terminate VPN connection
 

281    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x63700014

Deleted all keys
 

282    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x63700014

Deleted all keys
 

283    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x63700014

Deleted all keys
 

284    15:16:16.062  10/01/08  Sev=Info/4	IPSEC/0x6370000A

IPSec driver successfully stopped

Open in new window

0
 

Accepted Solution

by:
ixarissysadmin earned 0 total points
ID: 22632017
Problem has been solved.  The above should be done using the command in the group-policy::

vpn-filter value access-list-name
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now