Hi everyone,
I have the following problem;
In the building where I work there is a second network (LAN B) and I need to access a server (192.168.2.250) on that second network.
I cannot change any settings on the second router.
LAN B is connected to ether5 on Mikrotik
On the Mikrotik I have one port set as DHCP-Client. (not set to add to default-route) On this port I get an IP address 192.168.2.100.
I’ve been searching the forums but I can’t find what to do next. what do I do next?
You need access to router 2 or you need to masquerade all packets so that the server / router b know how to get back to you.
The preferred solution would be routing but that would require access to router 2.
That means you’re left with masquerading (NAT). Try:
ip firewall nat add action=masquerade src-address=192.168.1.0/24 dst-address=192.168.2.0/24 out-interface=LanB
Use the place-before property to make sure it is above your general NAT rule to the Internet.
Thanks! that was easy… Works like a charm 
Edit;
This works for the regular users. Not for the users on the “go-through-vpn” addresslist.
IP address’ on this list get a Routing Mark and are send through a VPN.
Although I would have thought this VPN address list would be ignored because your suggested rule is above all others.
I got it to work by adding
! 192.168.2.0/24 to the DST address in the mangle rule.
No problem, remember all traffic hitting that server will look like it is coming from just your MikroTik’s IP address. The server will not know the clients real private IP. Not sure if this matters.
The far better solution would be to get access to the other router and add a route back to your network.