Solved

Pix: Additional Site to Site VPN will not come up

Posted on 2009-05-12
30
621 Views
Last Modified: 2012-05-06
Please help!!!

We have a Pix 506E at our corp office and have 4 other remote sites that are up on the vpn. I installed a pix 501 at our new location and used the VPN site-to-site wizard on both to create a new vpn connection at this new location. When I try to look at active vpn connection on the remote pix it does not show one and the access lists show a 0 hit count. Here is the config for the remote pix

Remote Pix:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname xxxxxx
domain-name foo.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip 192.168.15.0 255.255.255.0 192.16                                                                             8.1.0 255.255.255.0
access-list outside_cryptomap_10 permit ip 192.168.15.0 255.255.255.0 192.168.1.                                                                             0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.xxx 255.255.254.0
ip address inside 192.168.15.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.15.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.15.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer xxx.xxx.xxx.xxx
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10 5
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.15.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
management-access inside
console timeout 0
dhcpd address 192.168.15.100-192.168.15.130 inside
dhcpd dns 68.94.156.1 68.94.157.1
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80

Is there anything that sticks out? Let me know if I also need to provide the corp config. It matches the other VPN sites exactly as far as the config goes.
0
Comment
Question by:J C
  • 16
  • 12
  • 2
30 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 24369342
debug crypto isakmp 10
debug crypto ipsec

Then generate some traffic that should be interesting to the VPN ACL and let us know what you get.
0
 

Author Comment

by:J C
ID: 24369403
PEER_REAPER_TIMER?
0
 
LVL 13

Expert Comment

by:Quori
ID: 24369429
PEER_REAPER_TIMER looks for when to delete SA's for VPN peers. Usually only appears when running an isakmp debug above level 2 (which we are). Have any other output?
0
 

Author Comment

by:J C
ID: 24369443
Where will it output the information you are looking for? Do my NAT statements look ok? I have seen on some forums where the wizard does not configure NAT for you. Is that correct?
0
 
LVL 13

Expert Comment

by:Quori
ID: 24369472
It will be in your log, or you can "term mon" to get it to the telnet console.

Yes, looks fine. Though my experience is with ASA's not PIX (bit of a different beast).

What we're trying to figure out here is where it is failing - weather it is just not matching the traffic or failing at phase 1 and not going any further.

Might as well also provide your head office config too.
0
 

Author Comment

by:J C
ID: 24369956
Details for 192.168.15.0/255.255.255.0/0/0 192.168.1.0/255.255.255.0/0/0 at Tue May 12 15:06:24 PDT 2009

   local  ident (addr/mask/prot/port): (192.168.15.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer: xxx.xxx.xxx.xxx:0
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #pkts no sa (send) 0, #pkts invalid sa (rcv) 0
    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
    #pkts invalid prot (recv) 0, #pkts verify failed: 0
    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
    ##pkts replay failed (rcv): 0
    #pkts internal err (send): 0, #pkts internal err (recv) 0
     local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: xxx.xxx.xxx.xxx
     path mtu 1500, ipsec overhead 0, media mtu 1500
     current outbound spi: 0
     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:

Does this tell you anything?
0
 

Author Comment

by:J C
ID: 24369972
Corp Pix's config is pretty chaotic/large...Do you want me to post only the pertinent information? All of our other remote sites are tunneled in. It is just this one.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24370243
It tells me there are no SA's. Really need debug info.

Just provide the full thing as an attachment (minus any confidential stuff)
0
 

Author Comment

by:J C
ID: 24370945
Ok, so what seems pretty strange to me. It finally tunnelled when I attempted to connect to our citrix server on one our brick's/win terminals but it does not stay up. After a certain amount of idle time it dies. Any ideas? To get it back up, I power cycled the winterm and after 5 seconds or so of it attempting to establish the connection it comes up.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371038
Thats correct. The tunnel only comes up when it sees interesting traffic. As I asked earlier for you to generate some interesting traffic - usually via pinging from the inside interface of the PIX in this case.

You have the DPD configured, check that "isakmp keepalive" is enabled on the headend. Clear the crypto tunnels then run the debug and watch for ISAKMP (0): remote peer supports dead peer detection
0
 

Author Comment

by:J C
ID: 24371143
Keepalive is enabled. I am not sure how to get the information you are looking for. If it is supposed to automatically output within the telnet session, I have already posted what was being outputted. To ping from the inside interface...What is the command to ping from the inside interface?
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371170
debug isakmp 255
term mon
ping Inside 192.168.1.x
0
 

Author Comment

by:J C
ID: 24371569
ISADB: reaper checking SA 0xaed434, conn_id = 0
DPD_TIMER
PEER_REAPER_TIMER

This is what I have seen so far.
0
 

Author Comment

by:J C
ID: 24371577
I can't ping across by the way or at least I don't get a response and it does not generate any kind of error. I have to use the winterms to establish the vpn and if it's been idle long enough it just dies and the only way to get it back as I said before is to power cycle one of those devices.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371581
Interesting. Turn on one of your thin clients to force the tunnel up and see what you get.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:J C
ID: 24371601
I did that and it's not showing me anything different.

I could not run debug isakmp 255 but I was able to run debug crypto isakmp 10
debug crypto ipsec which you had originally given me to debug this. I also used the command term mon and I have sent you everything that I have seen so far.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371628
Hrmm. Can you provide the head office config so I can lab this? Will get back to you once I have, or hopefully one of the more experienced PIX experts can chime in.
0
 

Author Comment

by:J C
ID: 24371632
Here we go
ipsec_db_add_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:
compute_quick_mode_iv:
construct_header: message_id 0x95cfb806
ipsec_db_get_ipsec_sa_list:
construct_blank_hash:
construct_notify:
ipsec_db_get_ipsec_sa_list:
construct_qm_hash:
ipsec_db_get_ipsec_sa_list:
throw: mess_id 0x95cfb806
ipsec_db_get_ipsec_sa_list:
isakmp_ce_encrypt_payload: offset 28, length 84
pix_des_encrypt: data 0xaf3674, len 64
des_encdec:
send_response:
isakmp_send: ip 209.234.xxx.xxx, port 500
throw: no state, delete ipsec sa list
ipsec_db_delete_ipsec_sa_list:
ipsec_db_delete_sa_list_entry:
0
 

Author Comment

by:J C
ID: 24371640
Crap! Didn't mask the ip. Right now I am unable to connect after the tunnel had closed. And that is what I am currently seeing.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371673
Yeah, sadly nothing helpful there. If you could provide the headend config I can double check that too and lab this up.
0
 

Author Comment

by:J C
ID: 24371678
construct_blank_hash:
construct_notify:
ipsec_db_get_ipsec_sa_list:
construct_qm_hash:
ipsec_db_get_ipsec_sa_list:
throw: mess_id 0x8fffb68d
ipsec_db_get_ipsec_sa_list:
isakmp_ce_encrypt_payload: offset 28, length 80
pix_des_encrypt: data 0xaf4194, len 56
des_encdec:
send_response:
isakmp_send: ip xxx.xxx.xxx.xxx, port 500
throw: no state, delete ipsec sa list
ipsec_db_delete_ipsec_sa_list:
ipsec_db_delete_sa_list_entry:
VPN Peer: ISAKMP: Added new peer: ip:xxx.xxx.xxx.xxx/500 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:xxx.xxx.xxx.xxx/500 Ref cnt incremented to:1 Total VPN Peers:1
KE_TIMER
starve:
ipsec_db_get_ipsec_sa_list:
oakley_const_qm:
ipsec_db_get_ipsec_sa_list:
construct_header: message_id 0x6a5e1da
ipsec_db_get_ipsec_sa_list:
construct_blank_hash:
construct_ipsec_sa:
ipsec_db_get_ipsec_sa_list:
set_ipsec_proposals:
set_proposal: protocol 0x3, proposal_num 1, extra_info 0x0
construct_ipsec_nonce:
ipsec_db_get_ipsec_sa_list:
construct_proxy_id:
ipsec_db_get_ipsec_sa_list:
construct_proxy_id:
ipsec_db_get_ipsec_sa_list:
construct_qm_hash:
ipsec_db_get_ipsec_sa_list:
throw: mess_id 0x6a5e1da
ipsec_db_get_ipsec_sa_list:
isakmp_ce_encrypt_payload: offset 28, length 168
pix_des_encrypt: data 0xaf57d4, len 144
des_encdec:
send_response:
isakmp_send: ip xxx.xxx.xxx.xxx, port 500

ISAKMP msg received
crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500
gen_cookie:
fill_sa_key:isadb_search returned sa = 0xae4cdc

ipsec_db_get_ipsec_sa_list:
ipsec_db_add_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:
compute_quick_mode_iv:
isakmp_ce_decrypt_payload:
pix_des_decrypt: data 0x736a08, len 56
des_encdec:
validate_payload: len 84
valid_payload:
valid_payload:
ISAKMP_INFO exchange
process_isakmp_info:
verify_qm_hash:
ipsec_db_get_ipsec_sa_list:
process_isakmp_packet:
process_notify:
ISAKMP (0): processing NOTIFY payload 24578 protocol 1
        spi 0, message ID = 3287379450
ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with  xxx.xxx.xxx.xxx

gen_cookie:
gen_cookie:
ISADB: reaper checking SA 0xae4cdc, conn_id = 0
return status is IKMP_NO_ERR_NO_TRANS
ipsec_db_delete_ipsec_sa_list:
ipsec_db_delete_sa_list_entry:

ISAKMP msg received
crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500
gen_cookie:
fill_sa_key:isadb_search returned sa = 0xae4cdc

ipsec_db_get_ipsec_sa_list:
isakmp_ce_decrypt_payload:
pix_des_decrypt: data 0x7db248, len 144
des_encdec:
validate_payload: len 172
valid_payload:
valid_payload:
valid_sa:
valid_transform:
valid_payload:
valid_payload:
valid_payload:
OAK_QM exchange
oakley_process_quick_mode:
ipsec_db_get_ipsec_sa_list:
verify_qm_hash:
ipsec_db_get_ipsec_sa_list:
OAK_QM_IDLE
process_isakmp_packet:
process_sa: mess_id 0x6a5e1da
ISAKMP (0): processing SA payload. message ID = 111534554

check_ipsec_proposal:
ISAKMP : Checking IPSec proposal 1

ISAKMP: transform 1, ESP_3DES
ISAKMP:   attributes in transform:
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (basic) of 28800
ISAKMP:      SA life type in kilobytes
ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
ISAKMP:      authenticator is HMAC-SHA
ISAKMP (0): atts are acceptable.
check_prop: acceptable = 1
snoop_id_payloads:IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) dest= xxx.xxx.xxx.xxx, src= xxx.xxx.xxx.xxx,
    dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    src_proxy= 192.168.15.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac ,
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

ipsec_db_get_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:check_ah_esp_atts: src xxx.xxx.xxx.xxx, dst xxx.xxx.xxx.xxx

process_sa: DONE - status 0x0
delete_sa_offers:
process_nonce:
ISAKMP (0): processing NONCE payload. message ID = 111534554

ipsec_db_get_ipsec_sa_list:
ISAKMP (0): processing ID payload. message ID = 111534554
ipsec_db_get_ipsec_sa_list:
ISAKMP (0): processing ID payload. message ID = 111534554
ipsec_db_get_ipsec_sa_list:
oakley_final_qm:
ipsec_db_get_ipsec_sa_list:
construct_header: message_id 0x6a5e1da
ipsec_db_get_ipsec_sa_list:
prepare_ipsec_sas:
ipsec_db_get_ipsec_sa_list:
GEN_IPSEC_SA::
CREATE IPSEC KEY:
CREATE IPSEC KEY:
stuff_ipsec_sa_in_ke:
ipsec_db_get_ipsec_sa_list:
ISAKMP (0): Creating IPSec SAs
        inbound SA from  xxx.xxx.xxx.xxx to    xxx.xxx.xxx.xxx (proxy     192.168.1.0 to    192.168.15.0)
        has spi 155818751 and conn_id 2 and flags 4
        lifetime of 28800 seconds
        lifetime of 4608000 kilobytes
        outbound SA from    xxx.xxx.xxx.xxx to  xxx.xxx.xxx.xxx (proxy    192.168.15.0 to     192.168.1.0)
        has spi 2170038006 and conn_id 1 and flags 4
        lifetime of 28800 seconds
        lifetime of 4608000 kilobytesIPSEC(key_engine): got a queue event...
IPSEC(initialize_sas): ,
  (key eng. msg.) dest= xxx.xxx.xxx.xxx, src= xxx.xxx.xxx.xxx,
    dest_proxy= 192.168.15.0/255.255.255.0/0/0 (type=4),
    src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac ,
    lifedur= 28800s and 4608000kb,
    spi= 0x9499aff(155818751), conn_id= 2, keysize= 0, flags= 0x4
IPSEC(initialize_sas): ,
  (key eng. msg.) src= xxx.xxx.xxx.xxx, dest= xxx.xxx.xxx.xxx,
    src_proxy= 192.168.15.0/255.255.255.0/0/0 (type=4),
    dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac ,
    lifedur= 28800s and 4608000kb,
    spi= 0x815826f6(2170038006), conn_id= 1, keysize= 0, flags= 0x4

VPN Peer: IPSEC: Peer ip:xxx.xxx.xxx.xxx/500 Ref cnt incremented to:2 Total VPN Peers:1
VPN Peer: IPSEC: Peer ip:xxx.xxx.xxx.xxx/500 Ref cnt incremented to:3 Total VPN Peers:1
THE END!
return status is IKMP_NO_ERROR
throw: mess_id 0x6a5e1da
ipsec_db_get_ipsec_sa_list:
isakmp_ce_encrypt_payload: offset 28, length 52
pix_des_encrypt: data 0xaf57d4, len 32
des_encdec:
send_response:
isakmp_send: ip xxx.xxx.xxx.xxx, port 500
throw: no state, delete ipsec sa list
ipsec_db_get_ipsec_sa_list:
PEER_REAPER_TIMER
DPD_TIMER
PEER_REAPER_TIMER

ISAKMP msg received
crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500
gen_cookie:
fill_sa_key:isadb_search returned sa = 0xae4cdc

ipsec_db_get_ipsec_sa_list:
ipsec_db_add_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:
compute_quick_mode_iv:
isakmp_ce_decrypt_payload:
pix_des_decrypt: data 0x76a408, len 64
des_encdec:
validate_payload: len 92
valid_payload:
valid_payload:
ISAKMP_INFO exchange
process_isakmp_info:
verify_qm_hash:
ipsec_db_get_ipsec_sa_list:
process_isakmp_packet:
process_notify:
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
        spi 0, message ID = 423836303
ISAMKP (0): received DPD_R_U_THERE from peer xxx.xxx.xxx.xxx
ISAKMP (0): sending NOTIFY message 36137 protocol 1
ipsec_db_add_ipsec_sa_list:
ipsec_db_get_ipsec_sa_list:
compute_quick_mode_iv:
construct_header: message_id 0x28443350
ipsec_db_get_ipsec_sa_list:
construct_blank_hash:
construct_notify:
ipsec_db_get_ipsec_sa_list:
construct_qm_hash:
ipsec_db_get_ipsec_sa_list:
throw: mess_id 0x28443350
ipsec_db_get_ipsec_sa_list:
isakmp_ce_encrypt_payload: offset 28, length 84
pix_des_encrypt: data 0xaf4cb4, len 64
des_encdec:
send_response:
isakmp_send: ip xxx.xxx.xxx.xxx, port 500
throw: no state, delete ipsec sa list
ipsec_db_delete_ipsec_sa_list:
ipsec_db_delete_sa_list_entry:
return status is IKMP_NO_ERR_NO_TRANS
ipsec_db_delete_ipsec_sa_list:
ipsec_db_delete_sa_list_entry:
0
 

Author Comment

by:J C
ID: 24371683
I will do that, just wanted to provide the rest of the information I am seeing.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371728
"return status is IKMP_NO_ERR_NO_TRANS" means no traffic is going down the tunnel, which needs to occur on both ends for it to come up.

Possibly a routing issue or ACL issue on the headend.
0
 

Author Comment

by:J C
ID: 24371742
Headend=Corp Pix?
0
 
LVL 13

Expert Comment

by:Quori
ID: 24371857
Yes.
0
 

Author Comment

by:J C
ID: 24371979
Here is the corp pix's config and also attached is going to be the current remote pix's config as a few things have changed. Thanks very much for taking the time to look at this with me.

remotepix-config.txt
headend-config.txt
0
 
LVL 5

Accepted Solution

by:
yashinchalad earned 300 total points
ID: 24374430
isakmp key <key> address <peer IP> netmask 255.255.255.255 no-xauth no-config-mode
since you have aaa configured, "no-xauth no-config-mode" might help.
(we had a similar issue before when we had pix with us)
 
0
 
LVL 13

Assisted Solution

by:Quori
Quori earned 200 total points
ID: 24379863
Heh. Yasin beat me.

I lab'd this issue last night, and the above saw the VPN tunnel up.
0
 
LVL 5

Expert Comment

by:yashinchalad
ID: 24382880
hehe..thank you Master Quori. whats the status author? was it helpful?
0
 

Author Closing Comment

by:J C
ID: 31580668
Quori, thanks for all the time you spent. Yashinchalad, that did seem to resolve the problem...Tunnel is up and we are passing traffic. There is still a problem with the PIX to PIX VPN at this one remote site but I posted here originally because there was no connectivity. You did help me fix that. Thanks to both of you.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now