Hi,
I’m trying to establish an IPsec tunnel looking like this:
Site1 Site2
10.x.x.x (LAN) → 1.1.1.1 (public IP) <----------------> 2.2.2.2 (public IP) → 3.3.3.3 (public IP)
The IPsec configuration seems to be working: the tunnel is established and Site2 can ping the Site1 internal IP. The problem is that Site1 can’t reach the Site2 “internal” IP (3.3.3.3). Traffic sent to 3.3.3.3 is not tunneled via IPsec but is sent like normal internet traffic (since 3.3.3.3 is a public IP). There is a NAT rule (at the top of the rules) which should enforce srcnat for such traffic, and an IPsec policy which should force this traffic to be tunneled.
All the tutorials about configuring IPsec assume that there are private IP pools on both sides of the tunnel. Since in this situation I have a public IP, is there any other configuration I need to do? Or maybe this is some “known bug”?
My device is CRS109-8G-1S-2HnD
RouterOS version 6.28
I hope someone can help me get it working.
A.
P.S. This is my first post, please be gentle