MikroTik Multiple ISP External Access

Howzit guys!!

I hope this is the correct place to post. I have my MikroTik installed with two different ISP’s. The first configuration is as follow:

1. A billion router (ISP router) authenticating the connection with the ISP with 1-to-1 NAT configured towards the Eth1 interface. I also have 5 Public IP’s (static) setup on the MikroTik for external access. All traffic from my local network (Eth3) is by default routed through the first ISP.

2. The second configuration is a PPPoE dialup setup on Eth4 towards a different ISP (backup). I also have one Public IP (static) but I can not setup this IP to be accessible externally.

I tried to create a static route through the second ISP gateway, but no luck. What exactly do I need to do to have remote access through both ISP connections?

OK, so this is what I’ve done so far…
I followed the wiki http://wiki.mikrotik.com/wiki/Manual:PCC
I did not add any addresses because it was added a few months ago. The bridge was also configured. However, the addresses are as follow:
address=10.0.0.1/24 network 10.0.0.0 interface=bridge1 (local network)
address=xx.xx.38.146/29 network=xx.xx.38.144 interface=ether1
address=xx.xx.64.20 network=xx.xx.64.1 interface=ether5 (this address was added the moment I configured the PPPoE account)

This is my config from where I’ve started:

/ ip firewall mangle
add chain=prerouting dst-address=xx.xx.38.144/29 action=accept in-interface=“bridge1”
add chain=prerouting dst-address=xx.xx.64.1 action=accept in-interface=“bridge1”
add chain=prerouting in-interface=“ether1” connection-mark=no-mark action=mark-connection
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=“Eth5 PPPoE” connection-mark=no-mark action=mark-connection
new-connection-mark=ISP2_conn
add chain=prerouting in-interface=“bridge1” connection-mark=no-mark dst-address-type=!local
per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=“bridge1” connection-mark=no-mark dst-address-type=!local
per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=“bridge1” action=mark-routing
new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=“bridge1” action=mark-routing
new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ ip route
add dst-address=0.0.0.0/0 gateway=xx.xx.38.145 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=“Eth5 PPPoE” routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=xx.xx.38.145 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=“Eth5 PPPoE” distance=2 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=“bridge1” action=masquerade
add chain=srcnat out-interface=“Eth5 PPPoE” action=masquerade

I could alway access my internal network reomtely through the ISP1 config, however the moment I add the IP routes, both the ISP1 gateways become unreachable. I can access my local network remotely through the ISP2 connection with out any problem. Is it because the ISP1 gateway is unreachable? How can I fix this so that I can access my local network through both ISP’s?

Thanx in advance!!

add two default routes, but chek gateway - arp. Then the backup will take over, if you have no arp request from the first one.

You need to setup mangle and proper routing tables.

Watch the presentation in my sig, it explains it all.

@samsung172. Thanks for the response. Should I check the one gateway with Ping and the other with ARP, or should I only check the secondary gateway with ARP?

@tomaskir. The video in your signature does not work.

@tomaskir. The video in your signature does not work.

Sure it does, just open it in chrome or FF. Tiktube doesnt work in IE for me either.