redirect outbound traffic to specific remote server

Hello,

I have a problem. I need to redirect requests from my remote clients (through IPsec VPN) to a specific remote Lotus server from the headquarters IP address.
In general it looks like this:
remote VPN client → Cisco VPN gateway → local DMZ → (through main IP address (MikroTik)) → remote Lotus server
Remote VPN clients get IP address 192.168.1.x from the local DMZ.
I have 195.x.x.x on my main MikroTik router.
I need to establish a connection to remote 80.x.x.x TCP port 1352.
Any suggestions?

Here is a diagram of my problem: (see the picture)

I think I need to configure the remote client to connect to the local MT DMZ address, and then I need to route or redirect (or dst-nat) this traffic to the Lotus server. How do I do it?
Drawing1.jpg

Hi again,

I tried a solution but it didn't work:

add action=dst-nat chain=dstnat disabled=no \
    dst-address=192.168.1.254 dst-port=1352 protocol=tcp src-address=192.168.1.0/24 \
    to-addresses=80.x.x.x to-ports=1352

add action=accept chain=forward comment="" disabled=no dst-address=80.x.x.x protocol=tcp \
    src-address=192.168.1.0/24

Both rules got traffic, but nothing went out from the MT public network IP.

Any suggestions?

Hello,

Is there anybody???
Any suggestions as to what I did wrong with the configuration??
I need this solved very fast!!!

edgarsw -

I might be missing something but here goes…

I do not see how you are going to ‘re-route’ traffic from the Cisco through the DMZ to the MT and then through the MT to another public IP through the Internet cloud to your Lotus server and back again… Perhaps your drawing is in error?

If not (the drawing in error), are you src-nat’ing everything leaving the MT for the Internet to the correct IP for the Lotus server to respond to?

What gateway are you giving the VPN clients - .1 or .254?

I’ve done a lot of ‘wild’ things with MT ROS - it is VERY flexible - but I just don’t quite ‘see’ how this is going to work as described… I use VPN all the time, connect to everything that way in my networks from the outside, saves on IPs and adds a lot of security. I have even VPN’d in to one network and then VPN’d in to a remote network from the first VPN…and connected to a remote server from a different remote location using a VPN from a third location…all work well. But what you are describing seems just a little different…

R/
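
The src-nat question raised in the reply above, written out as RouterOS rules next to the original dst-nat. This is an added example, not configuration posted by anyone in the thread. It assumes the missing source translation is what keeps the traffic from leaving with the public address, and it keeps the thread's elided addresses (80.x.x.x, 195.x.x.x) as placeholders.

```routeros
/ip firewall nat
# 1. VPN clients connect to the MT DMZ address; rewrite the destination
#    to the remote Lotus server (same match as the rule in the thread).
add chain=dstnat action=dst-nat protocol=tcp src-address=192.168.1.0/24 \
    dst-address=192.168.1.254 dst-port=1352 \
    to-addresses=80.x.x.x to-ports=1352 comment="Lotus: dst-nat"

# 2. Rewrite the private source to the MT public address. Without this the
#    packet keeps a 192.168.1.x source that the Lotus server cannot answer.
#    Scoped to the one destination and port so it does not NAT anything else.
add chain=srcnat action=src-nat protocol=tcp src-address=192.168.1.0/24 \
    dst-address=80.x.x.x dst-port=1352 \
    to-addresses=195.x.x.x comment="Lotus: src-nat to public IP"

/ip firewall filter
# 3. Forward only the Lotus port, not every TCP port on 80.x.x.x as the
#    accept rule in the thread does.
add chain=forward action=accept protocol=tcp src-address=192.168.1.0/24 \
    dst-address=80.x.x.x dst-port=1352 comment="Lotus: VPN clients out"

# 4. Let the replies for tracked connections back through.
add chain=forward action=accept connection-state=established,related \
    comment="Lotus: return traffic"
```

To check the result, `/ip firewall connection print` should list the session with a dst-address of 80.x.x.x:1352 and a reply-dst-address on 195.x.x.x once both NAT rules match.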