I am using MikroTik RB1100x4 as a load balancer, the LAN of the mikrotik is connected to the OUTSIDE interface of the ASA, the INSIDE interface of the ASA is connected to WAN interface of a proxy server, the LAN interface of the server is then connected to large number of clients using the Internet through this system please see below topology
At first, everything was working fine. until VPN issues and many others started to roll. I figured out later that the Multi-Level NAT is causing many problems especially with Cisco ASA. Because the Outside Interface of the ASA is highly recommended to have PUBLIC IP not PRIVATE as in this setup.
Is there anyway to configure MikroTik as a transparent device in order to assign public IP to the ASA?
Is it possible that MikroTik acts as a bridge-mode keeping the functionality as a load balancing?
If anyone here has good knowledge of both MikroTik ROS and Cisco ASA to advise in such scenario?
Is it possible to keep the NAT function on Firewall and do the routing to outside on MT? In other words can I remove the src nat masquerade rules and replace it with direct routing, so any packet coming from the LAN being routed to WAN links according to the mangle rules?
No because you are not using public IPs. As long as you stick to RFC1918 you will need nat on your border.
Recommended would be to get some public IPs and set up peering with your providers on Mikrotik - which will handle routing - and keep nat on your firewall.
