convert cisco vlan interface to Mikrotik OS (NAT)

rb384997 · September 19, 2010, 4:02pm

Ok so I have a vlan 10 interface and im not sure how to set it up the nat portion in the mikrotik.
Can any one help?

interface FastEthernet0/0.10
description VLAN 10 and old VL20
encapsulation dot1Q 10
ip address xxx.xxx.181.1 255.255.255.0 secondary
ip address xxx.xxx.52.1 255.255.252.0 secondary
ip address xxx.xxx.0.1 255.255.0.0 secondary
ip address xxx.xxx.17.65 255.255.255.192
ip access-group 197 in
ip helper-address 70.60.17.20
ip nat inside
no cdp enable

access-list 197 permit tcp any any established
access-list 197 permit tcp xxx.24.0.0 0.0.3.255 host xxx.60.17.11 eq smtp
access-list 197 deny tcp xxx.24.0.0 0.0.3.255 any eq smtp
access-list 197 permit tcp xxx.20.0.0 0.0.3.255 host xxx.60.17.11 eq smtp
access-list 197 deny tcp xxx.20.0.0 0.0.3.255 any eq smtp
access-list 197 permit tcp xxx.1.16.0 0.0.3.255 host xxx.60.17.11 eq smtp
access-list 197 deny tcp xxx.1.16.0 0.0.3.255 any eq smtp
access-list 197 deny tcp any any eq 445
access-list 197 deny udp any any eq 6346
access-list 197 deny tcp any any eq 139
access-list 197 deny udp any any eq 41170
access-list 197 deny tcp any any eq 6346
access-list 197 deny udp any any eq 6348
access-list 197 deny tcp any any eq 135
access-list 197 deny tcp any any eq 6348
access-list 197 permit ip any any

fewi · September 19, 2010, 5:18pm

You’re showing an interface and an access list, and no NAT command (other than designating the interface as a NAT inside interface).

Does your below thread, which I responded to, have anything to do with this question?
http://forum.mikrotik.com/t/convert-cisco-nat-pool-to-mikrotik-os/40851/1

rb384997 · September 19, 2010, 8:12pm

btw, thanks, for the help, just stumbling a bit.

yes it does apply to the other post, I have main interface(ether 1) and 4 of my vlans set up on the Mikrotik,
(I’m assuming vlan1-cisco is same as standard ether1 on MT-rtr)

In the cisco it does specify Outside Nat on main interface (vlan1), all other vlans are inside nat,
but there are no nat commands other than the nat pools in the other thread,

So I guess everything is just routed other than the (ip nat inside source list of each pool)?

fewi · September 19, 2010, 8:20pm

The reply in the other thread shows a full RouterOS NAT configuration.

rb384997 · September 20, 2010, 12:21am

ok one last cfg, cisco nat cmd to mikrotik nat

ip nat inside source static xxx.20.0.77 xxx.60.17.180

fewi · September 20, 2010, 1:23am

/ip firewall nat
add chain=srcnat out-interface=WAN src-address=xxx.20.0.77 action=src-nat to-address=xxx.60.17.80

You’re getting pretty basic here, really. All of this is covered by the manual: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

rb384997 · September 22, 2010, 2:10am

ip nat inside source static xxx.20.0.77 xxx.60.17.180

This command is more of an ip mapping.

I needed to be able to log in in to the private assigned device using the public address(from external my network)
This is the actual cisco to mikrotik conversion that worked worked.

/ip firewall nat add chain=dstnat dst-address=x.60.17.180
action=netmap to-addresses=x.20.0.77

/ip firewall nat add chain=srcnat src-address=x.20.0.77
action=netmap to-addresses=x.60.17.180

Thanks, I read through the wiki