Hello.
I’m sorry to bring this topic up for discussion again, but I’ve tried all the ways I could find in the forum, and since I’m somewhat new to ROS I’d appreciate some help.
Anyway, I have an established tunnel but cannot pass traffic.
This tunnel is supposed to give me access to some web pages (443) from another company.
Network:
Local:
WAN: 61.25.45.62
LAN: 192.45.222.128/29
Remote:
WAN: 61.25.47.125
LAN: 192.45.200.0/23
Firewall
/ip firewall nat print
chain=srcnat action=accept src-address=192.45.222.128/29 dst-address=192.45.200.0/23 log=no log-prefix=""
/ip firewall filter print
chain=forward action=accept src-address=192.45.222.128/29 dst-address=192.45.200.0/23 log=yes log-prefix="" ipsec-policy=out,ipsec
chain=forward action=accept src-address=192.45.200.0/23 dst-address=192.45.222.128/29 log=no log-prefix="" ipsec-policy=in,ipsec
chain=input action=accept protocol=udp dst-address=192.45.222.128/29 dst-port=500,1701,4500 log=no log-prefix=""
chain=input action=accept protocol=tcp dst-address=192.45.222.128/29 dst-port=80,443,1723 log=no log-prefix=""
chain=input action=accept protocol=ipsec-esp dst-address=192.45.222.128/29 log=no log-prefix=""
chain=input action=accept protocol=ipsec-ah dst-address=192.45.222.128/29 log=no log-prefix=""
I received these instructions to configure the rules:
NAT
Original Packet
Source IP: —
Destination IP: 192.45.200.0/23
Translated Packet
Source IP: 192.45.222.128/29
Destination IP: original
Firewall
192.45.222.129/32 192.45.201.28/32 443/tcp
192.45.222.130/32 - 192.45.201.29/32 443/tcp
- 192.45.201.241/32
- 192.45.201.242/32 80,443/tcp
- 192.45.201.240/32 443/tcp
Thanks in advance for possible help.