Hello,
I currently working on a design with two CCR1036 terminating a 10Gb WAN each.
The setup looks like is:
|---- FIREWALL01 — CORE ----- DIST ----- ACCESS ----- CLIENT01
ISP CPE ------| /////////////////////////////////// | /////////////// |
|---- FIREWALL02 — CORE ----- DIST ----- ACCESS ----- CLIENT02
Both firewall is routing BGP to the ISP with /30 routing links
We have assigned a /24 PA scope, which we can use for NAT.
Each firewall announce a /25 via BGP
SRC-NAT rule on firewall01:
[flash=]add action=src-nat chain=srcnat disabled=no out-interface=sfp-sfpplus2 src-address=10.0.0.0/8 to-addresses=193.160.1.0/25[/flash]
SRC-NAT rule on firewall02:
[flash=]add action=src-nat chain=srcnat disabled=no out-interface=sfp-sfpplus2 src-address=10.0.0.0/8 to-addresses=193.160.1.128/25[/flash]
When client01 will make an connection to the internet, how will NAT in the Mikrotik be done?
Will it use a hash for each flow or is it a combination of SRC/DST IP?
// Henrik