RB2011UiAS Multiple WAN IP's on Ether1

Hello,

I am trying to create an IPsec site to site using this router and an RB3011; the setup is a bit tricky and I can’t seem to get it to work.

The setup is like this:

ISP (/29) three available IPs: x.x.x.186, x.x.x.187, x.x.x.188 - Main site is using x.x.x.186
RB3011- Ether1 WAN (x.x.x.186)
Ether2 - Rocket M5
Ether4 - Fortinet (The one creating the site to site, using 172.16.x.x)
All three addresses are listed on IP-> Addresses → Interface Ether 1
Rocket M5 (192.168.27.253) to Powerbeam M5 (192.168.27.251) to
RB2011UiAS - Ether1 - 192.167.27.240 (WAN) - LAN 192.168.3.0/24
Ether3 - Fortinet 192.168.3.200 (172.16.x.x)

I did netmap from x.x.x.187 to 192.168.27.240 and src-nat from 192.168.27.240 to x.x.x.187, and I can access the RB2011 and I can go online. The only thing I cannot do is get the Fortinet IPsec site to site going. I can traceroute from RB2011 x.x.x.186 UDP port 4500, but from the main site when trying to traceroute x.x.x.187 UDP port 4500, maybe I am missing a route or I am doing double NAT, but I don’t know where.

Also I did filter rules to forward all dstnat packets, and on filter nat I am sending port 443 to 192.168.3.200 (Fortinet) and can access it; also dstnat to 192.168.3.200 ports 500 and 4500 UDP, but the tunnel just won’t work.

Any ideas?

Regards,

Hello,

I solved it. I wasn’t using dst-address on the Firewall/NAT rules (chain dstnat, action dst-nat) on the RB2011, I was only using in-interface; when combined, the router was able to differentiate between addresses.

If it helps anyone.

Regards
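The NAT layout the two posts describe, written out as RouterOS commands for both routers. This is an added example, not configuration taken from the original posts; the interface names (ether1 on both routers), the rule comments and the public address placeholders x.x.x.187 are assumptions, and the addresses 192.168.27.240, 192.168.3.200 and 192.168.3.0/24 are the ones given in the thread. The point it illustrates is the fix from the second post: on the RB2011 the dst-nat rule for IKE (UDP 500) and NAT-T (UDP 4500) matches on dst-address as well as in-interface, so traffic for the router's own WAN address is distinguished from other traffic arriving on that interface.

```routeros
# --- RB3011 (main site, holds x.x.x.186/.187/.188 on ether1) ---
# Added example; interface name and comments are assumptions.
/ip firewall nat
# 1:1 map the spare public address onto the remote site's WAN address
add chain=dstnat in-interface=ether1 dst-address=x.x.x.187 \
    action=netmap to-addresses=192.168.27.240 \
    comment="public .187 -> RB2011 WAN (1:1)"
# Return path: replies from the RB2011 leave as x.x.x.187, not .186
add chain=srcnat src-address=192.168.27.240 out-interface=ether1 \
    action=src-nat to-addresses=x.x.x.187 \
    comment="RB2011 WAN -> public .187"

# --- RB2011 (remote site, WAN 192.168.27.240 on ether1, LAN 192.168.3.0/24) ---
/ip firewall nat
# IKE and NAT-T to the Fortinet. dst-address is the match that fixed it:
# only packets addressed to this router's own WAN IP are forwarded.
add chain=dstnat in-interface=ether1 dst-address=192.168.27.240 \
    protocol=udp dst-port=500,4500 \
    action=dst-nat to-addresses=192.168.3.200 \
    comment="IKE/NAT-T -> Fortinet"
# HTTPS management of the Fortinet, same pattern
add chain=dstnat in-interface=ether1 dst-address=192.168.27.240 \
    protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.3.200 to-ports=443 \
    comment="HTTPS -> Fortinet"
# Outbound for the LAN
add chain=srcnat out-interface=ether1 action=masquerade \
    comment="LAN -> WAN"

/ip firewall filter
# Let only the traffic that a dst-nat rule actually translated cross into the LAN
add chain=forward connection-nat-state=dstnat action=accept \
    comment="accept dst-natted connections"

# Check: rule counters should increase while the tunnel is negotiating
/ip firewall nat print stats
```

Because the two IPsec peers sit behind NAT (the RB3011 netmap and the RB2011 dst-nat), IKE will detect NAT and switch to UDP 4500 NAT-T for ESP, so only UDP 500 and 4500 need to be forwarded; raw ESP (IP protocol 50) does not have to be passed through. If the tunnel still fails, `/ip firewall nat print stats` shows whether the dst-nat rule is matching at all, and `/ip firewall connection print` lists the translated connections.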