One of our servers needs to talk with a remote server on a public IP address, through an IPsec tunnel terminating on a Cisco VPN concentrator on a public IP address.
The traceroute needs to show the packets going through the Cisco VPN concentrator prior to hitting the remote server with the public IP address. This is a funny set-up, but it is a requirement of our service provider.
Our target host has a public IP address. However, this IP address has been mistakenly designed to be in the same subnet as the outside interface of the Mikrotik router. Our vendor expects the two addresses to remain as such (i.e. .101 and .103), so they cannot be subnetted. Is it possible to send traffic in, encrypt it and send it out of the outside interface, if all the IP addresses are on the same subnet? Is there such a concept as a host route?
We added a route to our server to use our Mikrotik as default gateway, to be able to encrypt all data in the direction of the remote location. The remote IPsec peer sends packets to our Mikrotik for decryption.
My question is: will it work? Our Mikrotik and our server are in the same subnet. Encrypted packets will arrive on the same interface as the one through which they should be forwarded to the server. We use only one interface on the Mikrotik.
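Added example (not part of the original post): a small model of the server's routing decision, showing why a host route matters when the remote host sits in the same subnet as the gateway. With only a connected /24 and a default route, longest-prefix match picks the connected route for .103, so the server ARPs for .103 directly on the link and the Mikrotik never sees the packet. A /32 host route for .103 via the Mikrotik is more specific than the /24 and wins, which is exactly what "host route" means here. The addresses are assumed from the 203.0.113.0/24 documentation range (the server at .50 is invented; .101 is taken as the Mikrotik outside interface and .103 as the remote target). This models only the server's next-hop choice, not the Mikrotik's IPsec policy or the return path.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation range), not the poster's real IPs.
SERVER = ipaddress.ip_address("203.0.113.50")     # our server (assumed)
MIKROTIK = ipaddress.ip_address("203.0.113.101")  # Mikrotik outside interface (assumed .101)
TARGET = ipaddress.ip_address("203.0.113.103")    # remote target host (assumed .103)
LAN = ipaddress.ip_network("203.0.113.0/24")      # the shared subnet

# A route is (prefix, next_hop); next_hop None means "connected", i.e. deliver on the link.
ROUTES_DEFAULT_ONLY = [
    (LAN, None),                                    # connected /24
    (ipaddress.ip_network("0.0.0.0/0"), MIKROTIK),  # default gateway = Mikrotik
]

# Same table plus a /32 host route for the target via the Mikrotik.
ROUTES_WITH_HOST_ROUTE = ROUTES_DEFAULT_ONLY + [
    (ipaddress.ip_network(f"{TARGET}/32"), MIKROTIK),
]


def lookup(routes, dst):
    """Longest-prefix match: return the (prefix, next_hop) entry that wins for dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, nh)
    return best


def next_hop(routes, dst):
    """'connected' if the server delivers directly, else the gateway address as a string."""
    hit = lookup(routes, dst)
    if hit is None:
        return None
    _, nh = hit
    return "connected" if nh is None else str(nh)


def forwarding_path(routes, dst):
    """Layer-3 hops the server's packet traverses before reaching dst."""
    nh = next_hop(routes, dst)
    if nh is None:
        return []
    if nh == "connected":
        return [str(dst)]          # straight to the host on the link, gateway bypassed
    return [nh, str(dst)]          # via the gateway, which can then apply IPsec


if __name__ == "__main__":
    for name, table in (("default route only", ROUTES_DEFAULT_ONLY),
                        ("with /32 host route", ROUTES_WITH_HOST_ROUTE)):
        print(f"{name}: {SERVER} -> {TARGET} goes {forwarding_path(table, TARGET)}")
```

On a Linux server the equivalent of the second table is a plain `ip route add 203.0.113.103/32 via 203.0.113.101` on top of the existing default route; the model above just makes visible which entry wins and why.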