Hi,
I have an ipsec tunnel from cisco to mikrotik established and working well.
LAN clients on MT connect to a device 10.255.231.12 which is a LAN client on cisco side.
Now i have setup wireguard on the MT and connecting windows clients to the MT.
The wireguard clients can access the MT LAN just fine but the wireguard clients cannot access 10.255.231.12.
What must i do so that wg clients can reach 10.255.231.12?
Either extend tunnel’s policies to include addresses used by WG clients, or use srcnat to change their addresses to fit in existing policies. Plus make sure that firewall allows this traffic.
So something like ???
add action=masquerade chain=srcnat src-address=applicable WG remote subnet out-interface=Cisco-interface
OR
add action=masquerade chain=srcnat in-interface=wireguard_interface dst-address=10.255.231.12
Similar to other scenario.
the wG users in firewall have to be allowed to access Cisco interface.
Similar to other scenarios, I would imagine one needs a route to know where to send such users?
Masquerade is not likely to choose the the right address, so action=src-nat. No new routes should be needed.
Thank you very much!
I just added one NAT rule as per your instructions and it worked right away.
I’m in Mikrotik Heaven