administration of multiple sites (tunneling)

Hello,
I would like to ask you for your opinion. I need to find a secure way to manage small remote sites where I have RBs. We have an HQ, where Kerio Control is the FW, and a lot of small sites with various types of internet connectivity solutions. Different providers and devices. There is usually a device from the provider, where I have to forward ports to the RB. There is always a public IP address, not directly on the interface, but NATed from the ISP. My first thought was to establish a site-to-site IPsec tunnel from the RB to Kerio, but I suppose it would be complicated and not always possible because of NAT-T. Am I right? I need a universal solution, and the non-uniform internet connectivity solutions and NAT make it difficult. Is there any elegant solution for this? Thank you…

I would connect all sites to a central location so there is no need to forward ports for all sites. Usually I do a VPN connection from a remote site to my office, which has a public IP, temporarily or permanently.

I have quite a few branches connected via site-to-site VPN, but not with MikroTik, and the locations are not behind cheap NAT devices. I’m asking especially about NAT traversal: whether it’s possible to establish a reliable VPN tunnel in this case and, if not, what another solution could be…