I have an RB 3011 using 2 WANs with PBR. My PBR configuration is working great. What I want to do is what you can see in the image. I have 2 routers connected to my main RB, each one on a different port interface with its own IP address.
From my RB3011 I can only access the routers if I am connected to the same local network. From either 750gr3 router I can only access the RB3011; I can't reach the other router.
What I want is to be able to reach RB#1 or RB#2 from the RB3011 even if I am not connected to the same network, and from RB#1 to be able to reach and log in to RB#2, so I can monitor or make changes from RB#1. One thing: on RB#1 all traffic goes to ISP1 and on RB#2 all traffic goes to ISP2. I also have a failover working with my PBR configuration.
I already tried forwarding ports and static routing with no success. Hope someone can help me out. Thank you!!!
So you have triple NAT, LOL: from the ISP (1), from the RB3011 (2), and then each RB (3).
This is a good case for static routes on the RB3011 so that the RB3011 can direct traffic accordingly.
Right now it has no clue what to do with 192.168.60.0 traffic or 192.168.65.0 traffic.
There are two solutions:
On the RB3011:
/ip route
add dst-address=192.168.60.0/24 gateway=192.168.17.2 table=main
add dst-address=192.168.65.0/24 gateway=192.168.18.3 table=main
OR, if you use the standard masquerade rule on all traffic exiting both hEX routers:
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
Then all traffic should either have the source IP of 192.168.17.2 OR 192.168.18.3
Final Step… Firewall Rules in local traffic on RB3011.
You have to ensure that traffic can cross subnets…
For admin access you need to allow specific IPs, probably at each hEX router on the input chain.
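
The firewall step from the reply above, for the masquerade case, as an added example that is not part of the original posts. Assumptions: management means Winbox (8291) and SSH (22), the hEX routers still have the default WAN interface list, and the list name "mgmt" and the RB3011 link address 192.168.18.1 are placeholders to replace with your own.

```routeros
# Added example. 192.168.17.2 and 192.168.18.3 are the hEX WAN-side
# addresses quoted in the reply; "mgmt" and 192.168.18.1 are assumed values.

# --- RB3011: let RB#1 (seen as 192.168.17.2 after masquerade) open
# --- management sessions to RB#2 and nothing else between the two links.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="mgmt: return traffic"
add chain=forward action=accept protocol=tcp dst-port=8291,22 \
    src-address=192.168.17.2 dst-address=192.168.18.3 \
    comment="mgmt: RB#1 -> RB#2"

# --- RB#2 (hEX): accept management on the WAN side only from known sources.
/ip firewall address-list
add list=mgmt address=192.168.18.1 comment="RB3011 (assumed link address)"
add list=mgmt address=192.168.17.2 comment="RB#1 after masquerade"
/ip firewall filter
add chain=input action=accept protocol=tcp dst-port=8291,22 \
    src-address-list=mgmt in-interface-list=WAN \
    comment="mgmt: allow list only"

# New rules are appended at the end of the chain. Move each one above the
# existing drop rule in the same chain, otherwise it never matches.
```

Mirror the RB#2 block on RB#1 with the RB3011's address on the 192.168.17.0 link if the RB3011 should manage it the same way.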