port forward from IPsec site B through IPsec site A

Hello,
I've been searching for a few days for a solution and I can't find one; maybe someone here can help me.

I have the following configuration (IPs are replaced with fake ones).

Site A:
Mikrotik Router

WAN IP

  1. 122.122.122.10/32
  2. 122.122.122.11/32

LAN: 192.168.88.0/24

Site B:
Juniper 5GT
WAN IP: 165.165.165.51/32
LAN: 10.10.1.0/24

The IPsec connection is established between Site A and Site B. Ping between the internal networks is working, no issue here.
Now I want to forward ports 80 and 443 from IP 192.168.88.254 to WAN IP 1, and ports 80 and 443 from 10.10.1.2 to WAN IP 2. How can I do this?

Currently i have 2 rules:
chain=srcnat action=accept src-address=192.168.88.0/24 dst-address=10.10.1.0/24 log=no log-prefix=""
chain=srcnat action=masquerade src-address=192.168.88.0/24 log=no log-prefix=""

Thanks in advance!

I have a setup similar to that.

I'm planning to do IPIP over IPsec tunneling to avoid this problem in the future, but meanwhile I'm doing NAT.

Try this.

I'm supposing your Site A router LAN IP is 192.168.88.1:

/ip firewall nat
add action=src-nat chain=srcnat comment="src-nat from any to branch using local router lan ip as a masquerade" dst-address=10.10.1.2 dst-port=80,443 protocol=tcp to-addresses=192.168.88.1
add action=dst-nat chain=dstnat comment="dst-nat wan 1" dst-address=122.122.122.10 dst-port=80,443 protocol=tcp to-addresses=192.168.88.254
add action=dst-nat chain=dstnat comment="dst-nat wan 2" dst-address=122.122.122.11 dst-port=80,443 protocol=tcp to-addresses=10.10.1.2

Be careful to adjust TCP MSS using mangle between branches across the IPsec tunnel; one symptom of that is ping OK but no Winbox or HTTP communication, or other TCP application issues.

Thank you chechito, it works :)
Do you have any idea why transfer through IPsec is slow?
Both sides are using 100 Mbps upload/download, but I can't get it higher than 5-8 Mbps.

PS: I have no idea how to adjust TCP MSS (this could be the issue?).
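As an added example, not posted by anyone in the thread, here is the TCP MSS adjustment chechito refers to, written for RouterOS and assuming the IPsec policy between 192.168.88.0/24 and 10.10.1.0/24 from the thread is in place; the ipsec-policy matcher is used instead of address matching so that the hairpinned internet flows to 10.10.1.2 (whose source is still the public client IP in the forward chain) are clamped too.

```routeros
# Added example: clamp the MSS of TCP SYNs that enter or leave the
# Site A <-> Site B IPsec tunnel, so ESP overhead does not push full-size
# segments past the path MTU (ping works, TCP stalls).
# Assumption: the IPsec policy 192.168.88.0/24 <-> 10.10.1.0/24 exists.
/ip firewall mangle
add chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes \
    protocol=tcp tcp-flags=syn ipsec-policy=out,ipsec \
    comment="MSS clamp: TCP flows about to enter the IPsec tunnel"
add chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes \
    protocol=tcp tcp-flags=syn ipsec-policy=in,ipsec \
    comment="MSS clamp: TCP flows arriving from the IPsec tunnel"
```

One side effect of chechito's src-nat rule worth knowing: the server at 10.10.1.2 sees every internet client as 192.168.88.1, so its own access logs no longer record the real client address and client attribution has to come from the Site A router's connection tracking or firewall logging.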