Des-Nat through IPSec Tunnel

Hello,

I have a MikroTik CHR as a VPN server, which I call Mik-A in this problem, and other MikroTik routers (hAP lite) for home users, which I name Mik-B.
Mik-B makes an IPSec tunnel to Mik-A and all devices connected to Mik-B go through the tunnel. Mik-B is connected to ADSL modem routers.

1- Accessing Mik-B when my customer needs help or I need to change something. (I tried a VPN to Mik-A and got an IP in the same subnet as the Mik-B tunnel remote IP, but it's not working.)
2- A device connected to Mik-B is known by the local IP of Mik-A on the internet because of NAT into the tunnel, so des-nat is not working for any devices behind Mik-B.

I hope I could explain the problems understandably and clearly.
Kindly help me to fix the above problems.

Thank You
Yashar

I’ll likely need a little clarification from you. Is it your intention to have the VPN from Mik2 to Mik1 available all the time? Are you using both a site-to-site VPN and a remote access VPN into Mik2?

If the idea is to keep just the site-to-site VPN up then that’s fairly simple. The L2TP service can be used to handle NAT traversal and dynamic IPs from your clients. I’d have to confirm but you should be able to NAT the L2TP portion if your side is behind a NAT. Ideally use 1:1 NAT or put a public IP on the device on your side.

When that’s done create something similar to a remote access VPN from the Wiki and your remote sites will build tunnels to you. You can then use static routes, PPP routes or a routing protocol to move traffic between the sites.
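
The site-to-site setup described in the reply above, as an added RouterOS example that is not part of the original thread or the MikroTik Wiki. Assumptions: tunnel addresses 10.255.0.1 (Mik-A) and 10.255.0.2 (Mik-B), Mik-B LAN 192.168.88.0/24, Mik-A public address 203.0.113.10, and the names `site-to-site`, `mik-b` and `l2tp-to-mik-a`; the secrets are placeholders.

```routeros
# ---------- Mik-A (CHR, L2TP/IPsec server) ----------
# All addresses, names and secrets below are assumed placeholders.
/ppp profile add name=site-to-site local-address=10.255.0.1 use-encryption=yes

# One secret per remote site. "routes" is the PPP route: Mik-A installs a
# route to the Mik-B LAN via the tunnel address whenever this peer connects.
/ppp secret add name=mik-b password="CHANGE-ME-PPP" service=l2tp \
    profile=site-to-site remote-address=10.255.0.2 \
    routes="192.168.88.0/24 10.255.0.2 1"

# use-ipsec=required refuses L2TP sessions that are not wrapped in IPsec.
/interface l2tp-server server set enabled=yes default-profile=site-to-site \
    authentication=mschap2 use-ipsec=required ipsec-secret="CHANGE-ME-PSK"

# Input rules: IKE, NAT-T and ESP from the internet; L2TP (UDP 1701) only
# when it arrived inside IPsec. "add" appends, so move these above any
# existing drop rule in chain=input.
/ip firewall filter add chain=input protocol=udp dst-port=500,4500 \
    action=accept comment="IKE / NAT-T"
/ip firewall filter add chain=input protocol=ipsec-esp action=accept \
    comment="ESP"
/ip firewall filter add chain=input protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept comment="L2TP inside IPsec only"
/ip firewall filter add chain=input protocol=udp dst-port=1701 \
    action=drop comment="drop unencrypted L2TP"

# ---------- Mik-B (hAP lite, client behind the ADSL router) ----------
# The client dials out, so the ADSL NAT and a dynamic WAN address are not
# a problem; NAT traversal is negotiated by IPsec on UDP 4500.
/interface l2tp-client add name=l2tp-to-mik-a connect-to=203.0.113.10 \
    user=mik-b password="CHANGE-ME-PPP" use-ipsec=yes \
    ipsec-secret="CHANGE-ME-PSK" disabled=no

# Management (SSH 22, WinBox 8291) accepted only when it comes in over the
# tunnel interface; place above the default drop rule in chain=input.
/ip firewall filter add chain=input in-interface=l2tp-to-mik-a \
    protocol=tcp dst-port=22,8291 action=accept comment="mgmt via tunnel"
```

With the tunnel up, Mik-B is reachable from Mik-A at the assumed tunnel address 10.255.0.2, and hosts behind Mik-B are reachable through the PPP route rather than through NAT.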