VPN Mikrotik - Juniper

Hello All.

I have a client who has two offices with different ISPs. Their connection setup is as below:

SITE I [HQ] :
Radio > Juniper > LAN Switch [192.168.20.1/24]

SITE II :
Radio > Mikrotik > LAN Switch [192.168.1.1/24]

They have an SAP server located in another country which works well at HQ via the Juniper but is not working at SITE 2. The client doesn’t want to give us access to the Juniper. I proposed that we install a Mikrotik router at HQ and configure a site-to-site tunnel using IPsec so that the LANs on both sites can see each other, then move the Juniper into the LAN range and have SITE 2 access it that way. The client refused. They also refused configuring IPsec on the Juniper. I am fairly new at Mikrotik and need suggestions/help to sort this out. SITE 2 HAS TO pass through SITE 1.

One possible solution would be to install another MikroTik on the LAN of Site1, and configure it to dial to site two via some Tunnel, L2TP, EoIP, etc. Then you can encrypt that traffic via IPSec if desired.

As long as the Site1 MikroTik can reach the internet you should be good to get routing working between the sites. No need to reconfigure their entire network, just have a host on the inside of Site1 that you control.
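The routed version of this suggestion, written out as an added example for the thread (it is not a configuration anyone above posted): the Site I Mikrotik sits on the Juniper LAN with a DHCP lease and dials an L2TP/IPsec tunnel to the Site II Mikrotik; Site II's SAP-bound traffic goes into that tunnel, out of the Site I box and through the Juniper. Everything below is assumed for illustration: the Site II router holds a public address on ether1 (203.0.113.2, an RFC 5737 documentation address), the SAP network is 198.51.100.0/24 (a placeholder to replace with the real prefix), the tunnel addresses are 10.255.255.1 and 10.255.255.2, the password and pre-shared key are the placeholder CHANGE-ME, and the syntax is RouterOS 6.x/7.x. Because the Site I box masquerades Site II's source addresses before handing packets to the Juniper, the Juniper only ever sees one of its own LAN hosts, so nothing has to be added to it.

```routeros
# ===== SITE II MikroTik: L2TP/IPsec server, public IP 203.0.113.2 on ether1 (assumed) =====
# Static server-side interface so routes can point at it by name
/interface l2tp-server add name=l2tp-site1 user=site1 disabled=no
/ip pool add name=s2s-pool ranges=10.255.255.2
/ppp profile add name=s2s local-address=10.255.255.1 remote-address=s2s-pool use-encryption=yes
/ppp secret add name=site1 password=CHANGE-ME service=l2tp profile=s2s
# required = never fall back to unencrypted L2TP
/interface l2tp-server server set enabled=yes use-ipsec=required ipsec-secret=CHANGE-ME default-profile=s2s
# Only IKE/NAT-T from outside; L2TP itself is accepted only when it arrived inside IPsec
/ip firewall filter add chain=input protocol=udp dst-port=500,4500 action=accept comment="IKE / NAT-T from Site I"
/ip firewall filter add chain=input protocol=ipsec-esp action=accept comment="ESP from Site I"
/ip firewall filter add chain=input protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept comment="L2TP only inside IPsec"
/ip firewall filter add chain=input protocol=udp dst-port=1701 action=drop comment="Plain L2TP never accepted"
# SAP network (placeholder prefix) reachable through Site I; Site I LAN for good measure
/ip route add dst-address=198.51.100.0/24 gateway=l2tp-site1 comment="SAP via Site I (replace prefix)"
/ip route add dst-address=192.168.20.0/24 gateway=l2tp-site1 comment="HQ LAN via tunnel"

# ===== SITE I MikroTik: ether1 plugged into the Juniper LAN, leases 192.168.20.x from it (assumed) =====
/ip dhcp-client add interface=ether1 disabled=no
/interface l2tp-client add name=l2tp-site2 connect-to=203.0.113.2 user=site1 password=CHANGE-ME \
    use-ipsec=yes ipsec-secret=CHANGE-ME add-default-route=no disabled=no
/ip route add dst-address=192.168.1.0/24 gateway=l2tp-site2 comment="Site II LAN via tunnel"
# Hide Site II behind this router's own LAN address, so the Juniper needs no return route
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 out-interface=ether1 action=masquerade \
    comment="Site II -> Juniper as a local host"
```

To check it, run `/interface l2tp-client print` and `/ip ipsec active-peers print` on the Site I box (the peer should show as established with NAT-T, since the box is behind the Juniper), then `/ip route print` on Site II to confirm the SAP prefix points at l2tp-site1 and trace from a Site II host. If the tunnel establishes but traffic does not flow, the usual culprit is a forward-chain rule on one of the boxes, not the tunnel.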

:confused: You lost me chief.

If I install a Mikrotik in SITE 1 - LAN, that means I am getting DHCP from their Juniper to connect to the internet. I configure it to dial to SITE 2, therefore creating a VPN between the two Mikrotiks only. How does traffic now flow to the Juniper?

SITE 1 > Radio > Juniper > LAN > Mikrotik [WAN Port]

Is the above correct?

The Juniper should see it as another host behind the network, and allow outbound connections from it. It will not see individual streams of traffic, just an IPSec tunnel with data flowing through it.

You can also put the Mikrotik on another public IP address that is different from the Juniper's, and have one of its free ports connected into their LAN.

In either case the Juniper will also need to have a route installed that says it can get to site2’s network by talking to the MikroTik on the LAN.

The OP can’t make any changes on the Juniper, which is why I had thought you had suggested an L2 tunnel between a pair of Mikrotiks at Site I and Site II. With an L2 tunnel [e.g. EoIP] the Juniper won’t know that Site II hosts aren’t actually at Site I. Obviously, Site II will need to be renumbered to 192.168.20.0/24.

That is another option, but in addition to needing to renumber Site 2, it would/should also change to static addresses, with a local default gateway. Otherwise, if there is a DHCP server on both Site 1 and Site 2, there could be address conflicts, as well as hosts getting the remote default gateway, causing them to use the layer-2 tunnel and the remote site to get out to the internet. It is easier to contain that stuff by routing between the sites, but if Site 1 refuses to make any changes to their gear, that’s basically the last option open to you.
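The layer-2 variant from the last two posts, again as an added example rather than anyone's posted config: an EoIP tunnel bridges the Site II switch into the HQ segment, so Site II hosts appear to the Juniper as ordinary 192.168.20.0/24 hosts, with the static addressing and the DHCP containment the previous post asks for. Assumptions made here: the two routers already reach each other over some routed, encrypted tunnel (10.255.255.1 on the Site II side, 10.255.255.2 on the Site I side; an L2TP/IPsec tunnel of the kind suggested earlier in the thread would do), the Site II switch hangs off ether2 and the Site I box reaches the Juniper LAN through ether1, 192.168.20.253 is a free address for the Site II router, the SAP network is the placeholder 198.51.100.0/24, the EoIP pre-shared key is the placeholder CHANGE-ME, and the syntax is RouterOS 6.x/7.x. Site II hosts get static 192.168.20.x addresses with 192.168.20.253 as their local default gateway; the Site II router sends only the SAP prefix across the bridge to the Juniper at 192.168.20.1 and everything else out its own ISP, and bridge filters drop DHCP in both directions across the tunnel so neither site's DHCP server can lease into the other.

```routeros
# ===== SITE II MikroTik: LAN renumbered into 192.168.20.0/24, carrier address 10.255.255.1 (assumed) =====
# Old Site II addressing and DHCP go away; hosts are statically addressed from now on
/ip address remove [find address="192.168.1.1/24"]
/ip dhcp-server disable [find]
# EoIP rides inside the existing tunnel; ipsec-secret is harmless if that path is already encrypted
# and mandatory if it is not. tunnel-id must match on both ends.
/interface eoip add name=eoip-site1 local-address=10.255.255.1 remote-address=10.255.255.2 \
    tunnel-id=20 ipsec-secret=CHANGE-ME
/interface bridge add name=br-lan
/interface bridge port add bridge=br-lan interface=ether2
/interface bridge port add bridge=br-lan interface=eoip-site1
# Management / local-gateway address for Site II hosts (assumed free in the HQ range)
/ip address add address=192.168.20.253/24 interface=br-lan
# Keep DHCP from crossing the tunnel in either direction
/interface bridge filter add chain=forward in-interface=eoip-site1 mac-protocol=ip ip-protocol=udp \
    dst-port=67-68 action=drop comment="No DHCP from HQ into Site II"
/interface bridge filter add chain=forward out-interface=eoip-site1 mac-protocol=ip ip-protocol=udp \
    dst-port=67-68 action=drop comment="No DHCP from Site II into HQ"
# Only SAP goes to HQ, by way of the Juniper reached over the bridge; the rest uses the local ISP
/ip route add dst-address=198.51.100.0/24 gateway=192.168.20.1 comment="SAP via HQ Juniper (replace prefix)"
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment="Local internet breakout"

# ===== SITE I MikroTik: ether1 into the Juniper LAN, carrier address 10.255.255.2 (assumed) =====
/interface bridge add name=br-lan
/interface bridge port add bridge=br-lan interface=ether1
# This router still leases its own address from the Juniper, now on the bridge
/ip dhcp-client add interface=br-lan disabled=no
/interface eoip add name=eoip-site2 local-address=10.255.255.2 remote-address=10.255.255.1 \
    tunnel-id=20 ipsec-secret=CHANGE-ME
/interface bridge port add bridge=br-lan interface=eoip-site2
/interface bridge filter add chain=forward in-interface=eoip-site2 mac-protocol=ip ip-protocol=udp \
    dst-port=67-68 action=drop comment="No DHCP from Site II into HQ"
/interface bridge filter add chain=forward out-interface=eoip-site2 mac-protocol=ip ip-protocol=udp \
    dst-port=67-68 action=drop comment="No DHCP from HQ into Site II"
```

After both ends are up, `/interface eoip print` should show the tunnel running and `/interface bridge host print` on the Site I box should list Site II MAC addresses learned on eoip-site2. A Site II host with a static address and gateway 192.168.20.253 should then reach the SAP prefix via the Juniper, and the HQ DHCP server should never see a request from Site II.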