Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vadim Choporov2016-09-07 11:32:25
Mikrotik
Vadim Choporov, 2016-09-07 11:32:25

In what there can be a problem with work of a part of protocols?

Good afternoon.
I immediately apologize for the "many letters" further - for the sake of completeness, I hope they will help)
First, a little about the topology of the existing network:
There is a central Cisco 2921 router, it raises an IPSec tunnel with a remote office. The remote point uses Mikrotik RB750, connection through provider A. For Cisco, we use the TMG2010 proxy - it is placed in the DMZ, like the internal Cisco interface. Computers from a remote point in browsers use a proxy - Kerio Control 9 (also in DMZ).
The problem is this: the tunnel rises correctly, access via Radmin, rdp, corporate mail, antivirus update from the corporate server - they work, but http / https - "sticks" and hangs on opening the page, although pings go without problems and names are resolved correctly . FTP connection works, but files are not transferred, file transfer using Radmin does not work either. If I turn off the proxy in the browser / system - http / https start working, but, accordingly, office services working through these protocols are not available. With ftp the problem remains.
There is a 3g modem in reserve (Provider B) - when I reconfigure IPSec through it - everything works fine.
New Mikrotik models were purchased (not previously used, there were outdated models, also 750) and installed already at 2 remote points. In the first case, Mikrotik itself raises the Internet connection via PPPoE, in the second case, the provider's modem raises PPPoE, Mikrotik is behind it, and raises the VPN tunnel. The symptoms are the same in both cases.
PS when configured for the provider And the first 5-7 minutes http / https work correctly, then they stick, the file transfer does not work right away. There are about 50 more remote points configured according to the same scheme (Dlink DI800, Zyxel Zywall 200, Mikrotik 750 older versions) - there are no problems.
Can anyone suggest what could be the problem, or in which direction to look, in search of a problem? I myself have already broken my head - so far to no avail)
Thanks in advance.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Alexander, 2016-09-07
@tolstyiii

Apparently you have a problem with MTU. On tunnel interfaces:
ip mtu 1400
ip tcp adjust-mss 1360 Select the
value according to which MTU the provider passes from point to point

Report
K
Kirill Vasiliev, 2016-09-12
@vasilevkirill

)) the problem with MTU is visible when "something works, but something does not, or the site opens halfway" in your case, something else.
If files are not transferred via FTP, then try the passive mode, if it works, then most likely the problem is in NAT-helper, if my memory is not changed, then in cisco it is called alg and in microtek / ip firewall service-port
also show the trace from the host to server proxy.
and show the trace from the proxy server to the Internet
and show the trace from the proxy server to the host

Similar questions
S
Sergey2013-12-21 16:18:04
question on mikrotik 2Reply
E
edh_krusher2018-08-14 15:13:04
How to set up visibility and isolation of internal vlan on mikrotik? 1Reply
K
kodi2013-12-26 10:36:47
How to implement vpn connection log on mikrotik? 3Reply
B
boligolov2018-08-15 15:24:22
Did you design the VLAN correctly? 2Reply
I
Ivan Gumenyuk2014-01-07 19:43:19
How to change subnet in Mikrotik? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question