We are trying to connect IP devices to a server(41.162.6.80) through our ADSL connection using Fastnet Wireless VPN network
This is our setup:
IS ADSL Router with IP 196.37.169.225/29 (First IP 196.37.169.226)
RB750 with the following IP settings:
Ether1 196.37.169.226/29 : Static ADSL (Cable to Cisco ADSL Router)
Ether2 10.50.7.1/24 : DMZ (Cable to Switch)
Ether3 192.168.2.1/24 : Local LAN (Cable to Switch)
Ether4 192.168.1.182/29 : Fastnet VPN (cable connected directly to Fastnet Router)
Ether5 Not used
The 0.0.0.0/0(Default route) is setup to 196.37.169.225 (ADSL Router)
The Fastnet network has a main router with IP 192.168.1.177 and all sites connect to this Fastnet Router to our network. We do not have access to this router for administration.
To have access to the remote sites through the Fastnet router, we add static routes on the Mikrotik router. i.e. to access a remote network 10.168.3.0/24 we add a static route to this network on the Mikrotik with gateway 192.168.1.177(the fastnet Router IP at our headoffice)
There is also a general Masquerade rule to allow Internet access.
When connecting a host directly on the Fastnet network at headoffice (192.168.1.176/29), traffic to 41.162.6.80 works as expected (Successful ping, remote desktop, tracert etc), but once you connect through a remote router (10.168.3.1) the packets just drop at 196.37.169.225.
Here is the traceroute from 192.168.1.178(Directly from Display Unit A):
Tracing route to VPN-BOX [41.162.6.80]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.177
2 1 ms 1 ms 1 ms 192.168.1.182
3 2 ms 2 ms 2 ms 196.37.169.225
4 16 ms 14 ms 14 ms 196.36.16.117
5 16 ms 15 ms 14 ms 196.35.63.65
6 16 ms 13 ms 15 ms 168.209.1.139
7 16 ms 14 ms 14 ms 196.26.0.10
8 17 ms 13 ms 14 ms 198.32.142.24
9 16 ms 15 ms 13 ms 41.160.0.243
10 * * * Request timed out.
11 * * * Request timed out.
12 36 ms 34 ms 35 ms VPN-BOX [41.162.6.80]
13 39 ms 36 ms 38 ms VPN-BOX [41.162.6.80]
Here is the traceroute from 10.168.3.2(From Display Unit B)
Tracing route to 41.162.6.80 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.168.3.1
2 209 ms 191 ms 207 ms 6.6.6.1
3 * * * Request timed out.
4 301 ms * 273 ms 192.168.1.182
5 271 ms 339 ms 299 ms 196.37.169.225
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
Here is the Masquerade rule:
chain=srcnat action=masquerade
In short, (as per attached network diagram), when connected as Display Unit A, the masquerading works, when connected as Display unit B.
A static route has been added on the Fastnet Router (192.168.1.177) to 41.162.6.80 with gateway 192.168.1.182(Mikrotik IP)
Any help in this matter will be highly appreciated
networkdiagram.pdf (197 KB)
natrules.rsc (4.34 KB)