Hi All,
This is my first question ever posted on this forum.
So far all information I have ever needed about configuring the RouterOS I have found here… but not this time.
Setup:
RouterOS 5.2.
RB450G ↔ IPSec Tunnel over Internet ↔ RB1000AHx2
In both routers there is an “NAT Bypass” rule that tells the router not to NAT traffic destined for the subnet on the other side of the IPSec Tunnel.
Problem:
If SIP Helper is active - then the SIP Helper will also transform the SDP with the public IP address of IP packets sent over the IPSec Tunnel.
In my opinion this is a bug.
SIP Helper should not transform packet that is not traversing the NAT/Firewall.
But it does so even though there is a “NAT Bypass” rule.
It seems to me that the SIP Helper only cares about the port of the IP packet and that the logic of SIP Helper is executed before any NAT rules are evaluated…
I guess a more correct behavioral would be that the SIP Helper shouldn’t be executed until a NAT rule that says “NAT this traffic” has been reached…
Any comments, tips or tricks?
I might be my mistake - some configuration that I’ve missed.
