I’m using AWS Site to Site VPN with my on-prem Mikrotik Router.
I can communicate with the AWS servers in my VPC from my on-prem servers, so I can confirm the Site to Site VPN is working. The issue is, if I turn off NAT on my router, my on-prem servers cannot access the AWS servers; the router itself can still access the AWS server instances, but the networks behind my router cannot.
BGP is advertising the relevant networks on both sides of the VPN circuit and the routing tables look accurate.
I need routable access without Network Address Translation… Please help!
Without an /export, only (possibly wrong) suppositions.
All the GTT sites I have do not allow traffic generated from the IPs used for BGP, for security reasons.
The only way is to use my own IP, not the IPs used for the peers.
It's probably the same for you: with NAT active you use your IP.
Under the same "conditions", the RouterBoard chooses, if not set otherwise, to exit with the IP with the lowest numeric value (for example, between 1.1.1.1 and 2.254.254.254 it chooses the first).
You must set the wanted outgoing IP for the RouterBoard on the default route, in the pref-source address.
For the VPN you can also use, instead of the peer IP, one of your IPs that is not blocked.
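As an added example (not code from the thread, and not a confirmed fix for the question), here is what the pref-src suggestion above looks like on the RouterOS CLI, together with the checks to run before and after. All addresses are assumptions: 203.0.113.1 is the ISP gateway, 203.0.113.2 and 203.0.113.10 are two public addresses on the router, and 10.0.0.0/16 is the VPC. One caveat worth knowing: pref-src only chooses the source address for packets the router itself originates (ping, BGP, IPsec); forwarded traffic from LAN hosts keeps their own source addresses unless a srcnat/masquerade rule rewrites them, which is why the router and the networks behind it can behave differently once NAT is off.

```routeros
# Added example, not from the original thread. All addresses are assumptions:
#   203.0.113.1  = ISP gateway
#   203.0.113.2  = lower-numbered public IP on the router (the one the reply
#                  says RouterOS would pick by default)
#   203.0.113.10 = the public IP the remote side actually allows
#   10.0.0.0/16  = the AWS VPC

# 1. Show the current default route and whether a pref-src is already set.
/ip route print detail where dst-address=0.0.0.0/0

# 2. Pin the router's own source address on the existing default route.
/ip route set [find dst-address=0.0.0.0/0] pref-src=203.0.113.10

#    Or, when adding the default route from scratch:
# /ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1 pref-src=203.0.113.10

# 3. Check router-originated traffic towards the VPC, first with an explicit
#    source, then letting the route's pref-src decide.
/ping 10.0.0.5 src-address=203.0.113.10 count=3
/ping 10.0.0.5 count=3

# 4. pref-src does not affect forwarded LAN traffic; that is what the
#    srcnat/masquerade rule does. List it to see which address it rewrites to.
/ip firewall nat print where chain=srcnat
```

If step 3 works but hosts behind the router still cannot reach the VPC with NAT disabled, the source address selection on the router is not the cause for them; in that case look at what the remote side permits for the on-prem LAN prefix itself.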