This is my actual conf (All done by online documentation and it works but...)
ip routing:
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 200.100.100.25 1
3 ADC 192.168.1.0/24 192.168.1.1 ether3 0
5 ADC 192.168.2.0/24 192.168.2.1 ether2 0
6 ADC 200.100.100.24/30 200.100.100.26 ether2 0
200.100.100.26 is my public IP
200.100.100.24/30 is ISP network with 200.100.100.25 as gateway
ip ipsec peer:
0 ;;; My VPN
address=100.100.200.195/32 port=500 and so on ...
ip ipsec policy:
0 ;;; My VPN
src-address=192.168.2.0/24 src-port=any dst-address=172.11.0.0/24
dst-port=any protocol=all action=encrypt level=unique ipsec-protocols=esp
tunnel=yes sa-src-address=200.100.100.26 sa-dst-address=100.100.200.195
proposal=myproposal priority=0
ip firewall nat:
chain=srcnat action=accept src-address=192.168.2.1 dst-address=172.11.0.0/24 out-interface=ether2
I have received the pool 192.168.2.0/24 because 192.168.1.0/24 is already occupied by another company.
I can ping adresses behind tunnel from Mikrotik without any problem; but I have to set the outgoing Ip 192.168.2.1. but from my network 192.168.1.0/24 I can't.
How can route the traffic from my local 192.168.1.0/24 to the addresses 172.11.0.0./24 & 10.10.10.0/24 through 192.168.2.0/24.
