7.1.3 NAT problem for ikev2/ipsec traffic after decryption

Community, hi!
I am facing some issues with a CCR1009-7G-1C-1S+, firmware 7.1.3.
I have a bridge with several physical ports attached to it.
A single public IP is assigned to this bridge.
There is an ipsec+l2tp configuration for remote users; they use it to get access to some public resources from the whitelisted VPN server address via a simple masquerade rule, and everything works fine for them.
I have also established ikev2/ipsec connections from remote users, but they cannot reach public IPs via this masquerade rule, although they can reach each other over ICMP. I see packets coming through prerouting mangle on an accept rule right before src nat, which, I assume, guarantees that the firewall filter does not block them, but I can't see the packets being caught by the masquerade rule or by any src nat rule I tried to specify before the masquerade rule.
I have the same configuration on a virtual instance with RouterOS 7.6 and everything works fine there.
Could you please give a path for further troubleshooting?

So upgrade to 7.6.