Problem with reaching 2 different networks - ipsec

Hey!

I have 2 RB 2011 in 2 different locations.
RB1: 192.168.0.1
RB2: 192.168.88.1

They are connected via ipsec. The tunnel works fine. I can also ping/reach from RB2 → RB1.
But from RB1 → RB2 I can only ping the gateway (192.168.88.1); computers, printers, APs… are not reachable.
Do I need some more NAT rules etc…? I have only masquerade eth1 on both sides.

Thanks for your Help

Hello, yes, you need a rule like this:

# Router 192.168.0.1
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.88.0/24 src-address=192.168.0.0/24

and in the second router:

# Router 192.168.88.1
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.0.0/24 src-address=192.168.88.0/24

Place the rule at the top.

They are necessary to prevent masquerading the subnet.

Regards,
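
The rule-order point from the answer above, as an added example that is not part of the original posts: a small first-match evaluator for the srcnat chain that shows why the accept rule must sit above masquerade. The sample exports, the interface name ether1, the host addresses, and the assumption that the IPsec policy selects 192.168.0.0/24 to 192.168.88.0/24 are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample exports for the 192.168.0.1 router; "ether1" as the WAN port is an assumption.
MASQ = "add action=masquerade chain=srcnat out-interface=ether1"
BYPASS = "add action=accept chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.88.0/24"
BEFORE = "/ip firewall nat\n" + MASQ
WRONG_ORDER = "/ip firewall nat\n" + MASQ + "\n" + BYPASS
AFTER = "/ip firewall nat\n" + BYPASS + "\n" + MASQ

SUPPORTED = {"action", "chain", "src-address", "dst-address", "out-interface", "disabled", "comment"}

def parse_nat_rules(export_text):
    """Return the 'add' lines of an '/ip firewall nat' export as dicts, in rule order."""
    rules = []
    for line in export_text.splitlines():
        tokens = shlex.split(line.strip())
        if tokens[:1] != ["add"]:
            continue
        rule = dict(tok.split("=", 1) for tok in tokens[1:])
        unknown = set(rule) - SUPPORTED
        if unknown:  # refuse to guess about matchers this sketch does not model
            raise ValueError(f"unsupported properties: {sorted(unknown)}")
        rules.append(rule)
    return rules

def first_match(rules, src, dst, out_interface, chain="srcnat"):
    """Return (index, action) of the first enabled rule that matches, or (None, None)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, rule in enumerate(rules):
        if rule.get("chain") != chain or rule.get("disabled") == "yes":
            continue
        if "src-address" in rule and src_ip not in ipaddress.ip_network(rule["src-address"], strict=False):
            continue
        if "dst-address" in rule and dst_ip not in ipaddress.ip_network(rule["dst-address"], strict=False):
            continue
        if rule.get("out-interface", out_interface) != out_interface:
            continue
        return index, rule.get("action", "accept")
    return None, None

def leaves_tunnel(export_text, src, dst, out_interface="ether1"):
    """True when the source would be rewritten, so the packet no longer matches the IPsec policy."""
    _, action = first_match(parse_nat_rules(export_text), src, dst, out_interface)
    return action in ("masquerade", "src-nat")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("wrong order", WRONG_ORDER), ("after", AFTER)):
        print(name, "-> NATed out of tunnel:", leaves_tunnel(cfg, "192.168.0.10", "192.168.88.20"))
```

Internet-bound traffic still falls through to masquerade in the corrected order, so only the site-to-site subnet pair is exempted.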