Dual WAN Setup - how to get both public IPs reachable

Hi,

I have a quite simple setup using a RB4011 with two WAN Links (ISP1 and ISP2).

The route table has two entries for 0.0.0.0/0, one with an AD of 1 (ISP1), the other with an AD of 2 (ISP2). I just have that floating route for failover and don’t need anything more advanced (load balancing etc.). But there is one problem I want to fix.

I want to monitor my two public IP addresses from the outside, simply by pinging them. While I can easily ping the ISP1 IP while the route is active, I can’t ping the ISP2 IP because the default route (leading back to the source) leads return packets via the other ISP.

So my question is: what packet/connection/route marking and route setup would I need to have packets coming in from one ISP leave the router the same way?

Thanks in advance!

Perhaps set up a dyndns account pointing to the second ISP?

Add two additional routing tables with default routes for each of the WAN connections.
And then a couple of routing rules that restrict usage of the tables depending on src IP:

/ip route
add distance=1 gateway=gw-ip-for-isp1 routing-mark=isp1
add distance=1 gateway=gw-ip-for-isp2 routing-mark=isp2

/ip route rule
add action=lookup-only-in-table src-address=your-wan-ip1 table=isp1
add action=lookup-only-in-table src-address=your-wan-ip2 table=isp2
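
A simplified model of the lookup described in the answer above, added here as an illustration (it is not part of any post in the thread and not RouterOS code). It shows why the echo reply sourced from the ISP2 address leaves via ISP1 without the rules and via ISP2 with them. All addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress

# Constructed documentation-range addresses (the thread only uses placeholders).
WAN1, GW1 = "198.51.100.10", "198.51.100.1"   # ISP1 address and gateway
WAN2, GW2 = "203.0.113.10", "203.0.113.1"     # ISP2 address and gateway
MONITOR = "192.0.2.50"                        # outside host sending the pings

# (table, destination, gateway, distance); "main" holds the floating failover pair.
ROUTES = [
    ("main", "0.0.0.0/0", GW1, 1),
    ("main", "0.0.0.0/0", GW2, 2),
    ("isp1", "0.0.0.0/0", GW1, 1),
    ("isp2", "0.0.0.0/0", GW2, 1),
]

# (src-address, action, table), mirroring the two /ip route rule entries.
RULES = [
    (WAN1, "lookup-only-in-table", "isp1"),
    (WAN2, "lookup-only-in-table", "isp2"),
]


def best_route(table, dst, routes):
    """Longest prefix wins, then lowest distance; None if the table has no match."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (-ipaddress.ip_network(net).prefixlen, dist, gw)
        for tbl, net, gw, dist in routes
        if tbl == table and addr in ipaddress.ip_network(net)
    ]
    return min(matches)[2] if matches else None


def egress_gateway(src, dst, routes, rules):
    """Gateway chosen for a router-originated packet such as an echo reply."""
    for rule_src, action, table in rules:
        if ipaddress.ip_address(src) != ipaddress.ip_address(rule_src):
            continue
        gw = best_route(table, dst, routes)
        if gw is not None or action == "lookup-only-in-table":
            return gw  # None = unreachable: this action never falls back to main
    return best_route("main", dst, routes)


if __name__ == "__main__":
    print("reply from WAN2, no rules  ->", egress_gateway(WAN2, MONITOR, ROUTES, []))
    print("reply from WAN2, with rules ->", egress_gateway(WAN2, MONITOR, ROUTES, RULES))
```

Traffic whose source address matches neither rule still uses the main table, so the distance-based failover is unchanged for it.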

Great solution, thanks a lot!

I have exactly the same problem as Chaosphere64. After creating the proposed entries, both WAN addresses started responding to pings. Unfortunately, at the same moment the IPSec Lan2Lan connection between Mikrotik and the router in the Headquarters stopped working. How can I solve this problem?

By fixing your config.

To @anav’s point, your problem is not the same. IPSec isn’t mentioned at all here & that adds more complexity.
Likely better to create a topic with your config/diagram/details.