Hi Master Mikrotik,
have a nice day.
We have a problem with IPsec on MikroTik and inter-VLAN traffic:
- Branch: MikroTik with a static public IP and 2 VLAN user subnets, IPsec to the Sophos firewall
- Datacenter 1: MikroTik with a static public IP, P2P to the Sophos firewall, NAT 1:1 at the Sophos firewall
- Head office: MikroTik with a static public IP, IPsec to the Sophos firewall, 1 VLAN user subnet
Requirements:
- Internet traffic goes through the datacenter via the Sophos firewall. Full tunnel = done
- Traffic between head office and branch, and vice versa, is managed with full control at the Sophos firewall
problem
======
If the branch uses multiple VLANs on the LAN interface (port2), then after IPsec is enabled / the IPsec tunnel is established:
- from a client PC, ping to the gateway is not reachable
- from a client PC, ping to the other gateway (same branch) is not reachable, for example from PC01 ping to the gateway of PC02
but
- traffic to the internet via the Sophos firewall, with outgoing internet via the datacenter site, is successful = this is compliant
- traffic from the branch to the head office via the Sophos firewall at the datacenter site is successful (and vice versa) = this is compliant
branch port 1 ---- IP public
branch port 2 ---- vlan 10 : 11.11.11.1/24
                   vlan 20 : 22.22.22.1/24
switch SVI       = vlan 10 : 11.11.11.2/24
                   vlan 20 : 22.22.22.2/24
client           = PC-01 vlan 10 : 11.11.11.3
                   PC-01 vlan 20 : 22.22.22.3
I attach a capture from the branch MikroTik and the topology of my customer's lab, built with the PNETLab simulator.
Please suggest a solution for this problem.
Thank you,
robma bayu

mikrotik branch.docx (64.6 KB)
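Added example, not from the post above and not MikroTik's or Sophos's own code: a small Python model of first-match IPsec policy selection over the branch addressing given in the post. The two policy lists it compares (a plain full-tunnel list, and the same list with `action=none` entries for local-to-local traffic placed above it) are assumptions to try in the lab; the post does not show the branch's actual policies, and the model only covers policy matching, not the rest of the RouterOS datapath.

```python
"""Simplified model of an IPsec policy list evaluated top-down, first match wins.
The subnets and host addresses come from the post; the policy lists are assumed."""
import ipaddress
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str  # "encrypt": steer the packet into the tunnel; "none": leave IPsec out


def first_match(policies, src_ip, dst_ip):
    """Return the first policy whose src/dst networks contain the packet, or None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
            return p
    return None


def classify(policies, src_ip, dst_ip):
    """'tunnel' if an encrypt policy captures the packet, 'bypass' if an
    action=none policy matches first, 'plain' if no policy matches at all."""
    p = first_match(policies, src_ip, dst_ip)
    if p is None:
        return "plain"
    return "tunnel" if p.action == "encrypt" else "bypass"


def locally_reachable(policies, a, b):
    """A ping inside the branch only works if request and reply both stay
    out of the tunnel; the router's own reply packet is matched like any other."""
    return classify(policies, a, b) != "tunnel" and classify(policies, b, a) != "tunnel"


def to_routeros(policies):
    """Render the list as /ip ipsec policy commands; the order is the match order."""
    cmds = []
    for p in policies:
        line = f"/ip ipsec policy add src-address={p.src} dst-address={p.dst} action={p.action}"
        if p.action == "encrypt":
            line += " tunnel=yes"
        cmds.append(line)
    return cmds


# Branch subnets from the post.
VLAN10 = "11.11.11.0/24"
VLAN20 = "22.22.22.0/24"
LOCAL = [VLAN10, VLAN20]

# Assumed full-tunnel list: everything from both VLANs to 0.0.0.0/0 goes to Sophos.
FULL_TUNNEL_ONLY = [Policy(n, "0.0.0.0/0", "encrypt") for n in LOCAL]

# Assumed fix to test: action=none entries for local<->local traffic placed first.
WITH_LOCAL_BYPASS = [Policy(s, d, "none") for s, d in product(LOCAL, LOCAL)] + FULL_TUNNEL_ONLY

if __name__ == "__main__":
    # PC-01 and the VLAN gateways are from the post; 203.0.113.10 is a constructed
    # documentation address standing in for any internet host.
    flows = [("11.11.11.3", "11.11.11.1"), ("11.11.11.3", "22.22.22.1"),
             ("11.11.11.3", "22.22.22.3"), ("11.11.11.3", "203.0.113.10")]
    for name, pol in (("full tunnel only", FULL_TUNNEL_ONLY),
                      ("with local bypass", WITH_LOCAL_BYPASS)):
        print(name)
        for a, b in flows:
            print(f"  {a} -> {b}: {classify(pol, a, b)}, reply: {classify(pol, b, a)}")
    print("\n".join(to_routeros(WITH_LOCAL_BYPASS)))
```

Running it shows why the symptom in the post is consistent with a bare full-tunnel policy: with only the 0.0.0.0/0 entries, the gateway's reply to PC-01 (11.11.11.1 -> 11.11.11.3) and PC-01's ping to the VLAN 20 gateway both match an encrypt policy, while internet traffic still matches the same entry once the local bypass policies sit above it.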