I’m having a problem forwarding any dst-nat request to my Exchange server inside, and my scenario is the following:
Two Mikrotik Routers (Firewall) and LAN
I have published the MS Exchange server through Mikrotik A (using DST-NAT) for the following ports: TCP (443, 25, 80), and the Exchange gateway is the internal IP of Mikrotik A (i.e. I access OWA by using webmail.xyz.com).
Now I have the other Mikrotik B, which has another Internet connection, and I also created a dst-nat rule to Exchange (a backup access connection for HTTPS requests to the Exchange server in case the connection on Mikrotik A fails for some reason) (i.e. I access OWA by using webmail2.xyz.com).
Everything is working perfectly through Mikrotik A, but I can’t access OWA through Mikrotik B.
The inside addresses on both Mikrotiks are in the same subnet, 192.168.0.0/24.
Inside address for Mikrotik A: 192.168.0.254, and this IP is the gateway on the Exchange server.
Inside address for Mikrotik B: 192.168.0.253.
This will not work. You have created a triangle route: when someone attempts to access the server through Mikrotik B, your Exchange server is sending its packets to Mikrotik A, which will then forward them on out to the Internet through its connection, which will not work as the packet will then get NAT’d to the incorrect address. If you had both Internet connections connected to the one Mikrotik, I would imagine it could be made to work, as then you would only have a single NAT table and would be able to use ECMP.
so that incoming requests from the backup line were coming to the server via router A.
Then on A, just mark incoming connections from internetA to the server with mark1, and connections from the LAN interface to the server with mark2 (those will be the connections from B). After that, send all replies with connection-mark2 to B, not to internetA.
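One way to write the marking described in the previous reply as RouterOS rules on Mikrotik A. This is an added example, not configuration posted by anyone in the thread. It assumes RouterOS v6 syntax (`routing-mark`; on v7 the equivalent is a `/routing table` entry plus `routing-table=`), that A's WAN interface is named `ether1-wanA` and its LAN interface `bridge-lan`, and that the Exchange server is 192.168.0.10 (a constructed placeholder; the thread never gives the server's address). It also assumes, as the reply does, that requests arriving on B are being sent to the server via A, so A sees both directions of those connections.

```routeros
# --- Mikrotik A: keep traffic that entered via B from leaking out through internetA ---

# mark1: new connections to the Exchange server that arrive on A's own Internet link
/ip firewall mangle
add chain=prerouting in-interface=ether1-wanA connection-state=new \
    protocol=tcp dst-port=25,80,443 \
    action=mark-connection new-connection-mark=mark1 passthrough=yes \
    comment="Exchange connections entering via internetA"

# mark2: new connections to the Exchange server that arrive on the LAN side
# (these are the ones Mikrotik B has dst-nat'd and handed to A)
add chain=prerouting in-interface=bridge-lan connection-state=new \
    dst-address=192.168.0.10 protocol=tcp dst-port=25,80,443 \
    action=mark-connection new-connection-mark=mark2 passthrough=yes \
    comment="Exchange connections entering via Mikrotik B"

# Replies from the server that belong to a mark2 connection get a routing mark
# so they are sent back to B (192.168.0.253) instead of out ether1-wanA.
add chain=prerouting in-interface=bridge-lan src-address=192.168.0.10 \
    connection-mark=mark2 \
    action=mark-routing new-routing-mark=toB passthrough=no \
    comment="Return mark2 replies to Mikrotik B"

# Separate routing table consulted only for packets carrying routing-mark=toB.
# Its default route points at B's inside address from the original post.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.253 routing-mark=toB \
    comment="Default route for replies that must leave via Mikrotik B"
```

Connections marked mark1 need no routing mark: their replies already follow A's normal default route out ether1-wanA. To confirm the split is working, watch `/ip firewall connection print where connection-mark=mark2` while opening webmail2.xyz.com; the entries should appear there, and the reply counters on the `toB` route should increase rather than those on the main default route.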