I connected IPSec between Mikrotiks, of which the server is a router in the network with an external IP, and the client is an LTE terminal (SXT LTE) without a public IP. Everything got connected, Active Peers appeared on both sides, but… As you know, on LTE with most operators you will not get a public IP, so there is NAT somewhere at the operator and another (Masquerade) on the LTE interface in the Mikrotik itself to handle the LAN.
My problem is that I can’t push LAN traffic through the IPSec tunnel.
In IPSec I created a mode-config:
add name=cfg1 responder=no src-address-list=192.168.1.0/24
which creates a dynamic NAT rule, but no packets go through it.
Theoretically there is one solution for that. I have to push the traffic out through the double NAT: first through the dynamic NAT created by the IPSec rules, and after that (after the packet is encrypted) once again through the NAT or Masquerade of the LTE connection. But I don’t know how to do that in the Mikrotik firewall. Maybe some jump rules?
Please help me.