Dear All,
I have two Mikrotik routers connected via IPSEC as explained in the Site to Site example of the wiki: http://wiki.mikrotik.com/wiki/Manual:IP/IPsec

In the example above, I can access from 10.1.202.1/24 to 10.1.101.1/24, which is fine.
Now, there is a host on the Internet (let it be ‘21.21.21.21’) that is only accessible from ‘Office 2’. I want all requests from the ‘Office 1’ network (10.1.202.0/24) to 21.21.21.21 to be routed through the IPSEC tunnel with ‘Office 1’. I thought I needed to add an IPSEC policy on both routers and a corresponding NAT rule. But this doesn’t seem to work. I guess I misunderstood how the routing is configured in the case of an IPSEC tunnel…
Can you please tell me what I need to configure in order for this to work?

You should add an IP route on office 1 and office 2.
In the IP routes of office 1, add dst: the private network of office 2, and gateway: the gateway of office 1.
And the same in office 2: add an IP route with dst: the private network of office 1, and gateway: the gateway of office 2.

Are you sure? I think it doesn’t work like this in the case of IPSEC.
The LAN of office 1 can access the LAN of Office 2 (and vice versa) without specifying corresponding IP routes. This already works fine.

I think I found a way to do it via GRE. It is still somewhat strange, as it only works when I have an IPSEC policy with src-address 10.1.202.1/24 and dst-address 21.21.21.21 (and the reversed one on the other router).
Looks like I’m still missing something…
I would appreciate advice on how to get it right.
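
An added example, not part of any post in this thread and not RouterOS code: a small Python model of how a policy-based IPsec tunnel selects traffic by src/dst selector after source NAT, which is why a new policy alone may not be enough. It assumes Office 1 masquerades outbound traffic and has a srcnat bypass for LAN-to-LAN traffic, as in the wiki's site-to-site setup; `OFFICE1_WAN`, the client address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed model, not RouterOS code. Networks are the ones named in the thread;
# OFFICE1_WAN is a placeholder documentation address.
LAN1 = ipaddress.ip_network("10.1.202.0/24")    # Office 1 LAN
LAN2 = ipaddress.ip_network("10.1.101.0/24")    # Office 2 LAN
HOST = ipaddress.ip_network("21.21.21.21/32")   # host reachable only via Office 2
OFFICE1_WAN = ipaddress.ip_address("198.51.100.1")

def covered(rules, src, dst):
    """True if any (src_net, dst_net) pair in rules covers the packet."""
    return any(src in s and dst in d for s, d in rules)

def office1_egress(policies, nat_bypass, src, dst):
    """Office 1 egress: srcnat first, then IPsec policy lookup.

    policies   -- IPsec traffic selectors as (src_net, dst_net)
    nat_bypass -- srcnat accept rules placed ahead of masquerade
    Returns "tunnel" if the packet is encrypted, else "cleartext".
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Without a bypass rule, masquerade rewrites the source to the WAN address.
    post_nat_src = src if covered(nat_bypass, src, dst) else OFFICE1_WAN
    return "tunnel" if covered(policies, post_nat_src, dst) else "cleartext"

SITE_TO_SITE = [(LAN1, LAN2)]
WITH_HOST = SITE_TO_SITE + [(LAN1, HOST)]

def demo():
    pc = "10.1.202.5"  # constructed Office 1 client
    return {
        "lan_to_lan": office1_egress(SITE_TO_SITE, SITE_TO_SITE, pc, "10.1.101.7"),
        "host_no_policy": office1_egress(SITE_TO_SITE, SITE_TO_SITE, pc, "21.21.21.21"),
        "host_policy_only": office1_egress(WITH_HOST, SITE_TO_SITE, pc, "21.21.21.21"),
        "host_policy_and_bypass": office1_egress(WITH_HOST, WITH_HOST, pc, "21.21.21.21"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The same selector lookup applies in reverse on the other router, which is where the mirrored policy mentioned in the thread comes in.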