Ping from LAN to AP on hotspot network

Hi

I am wanting to ping devices for monitoring from NEMS from our company LAN 10.0.0.0/23 to several Wireless Access Points on our Hotspot network 172.16.16.0/24 in a secure manner. Both on different interfaces.

It does not seem to be possible to have a second interface on the NEMS box.

We have thought about 3 options.

My boss thinks we should simply be able to route the traffic on the Mikrotik Rb3011 directly allowing 172.16.16.0 ICMP traffic to the nems box 10.0.1.91. Is that even possible?

I think it would be better to NAT translate so that when NEMS pings an IP address in the 10.0.0.0/23 network, it translates to the AP in the 172.16.16.0/24 network.

Option 3 (less secure): allow pings out on the internet and allow rules for each device.

What would you do?

Thanks

Mark

How is your hotspot network (with the APs) “connected” to the corporate RB3011? Or is there NO connection at all today and is this hotspot network a remote “island” somewhere…
Perhaps a simple VPN tunnel would be a solution (e.g. across the Internet) and then you can decide what traffic you allow through it.

There is currently an interface to the corporate LAN 10.0.0.0/23, but currently this is purely a management interface for the Mikrotik. We still don't want the corporate and hotspot AP networks connected other than for pings.

Well then it is just a matter of routing + firewall-filter?
I don’t see any problem with that.
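
What the routing + firewall-filter approach from the last reply could look like on the RB3011, as an added example that is not part of the original thread. It assumes the router has an address in both subnets (so both appear as connected routes), that no earlier forward rule already accepts traffic between them, and that the comments and rule order shown are this example's own choices.

```routeros
# Added example, not from the thread. Addresses are the ones given in the posts;
# everything else (rule order, comments) is an assumption of this example.
/ip firewall filter

# Return traffic for connections the router already tracks, so the AP's
# echo reply to NEMS is allowed without a rule opening hotspot -> LAN.
add chain=forward action=accept connection-state=established,related \
    comment="allow replies to tracked connections"

# Only the NEMS host may send ICMP echo request (type 8, code 0) to the APs.
add chain=forward action=accept protocol=icmp icmp-options=8:0 \
    src-address=10.0.1.91 dst-address=172.16.16.0/24 \
    comment="NEMS ping to hotspot APs"

# Everything else between the two networks is dropped, in both directions.
add chain=forward action=drop src-address=10.0.0.0/23 \
    dst-address=172.16.16.0/24 comment="block LAN to hotspot"
add chain=forward action=drop src-address=172.16.16.0/24 \
    dst-address=10.0.0.0/23 comment="block hotspot to LAN"

# Check rule order and hit counters after a test ping from NEMS.
print stats where chain=forward
```

The filter is evaluated top to bottom, so these rules must sit above any broader accept in the forward chain; the NEMS box and the APs also each need a route (or default gateway) that sends traffic for the other subnet to the RB3011.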