Community discussions

MikroTik App
 
finalcutroot
newbie
Topic Author
Posts: 45
Joined: Sun Mar 09, 2014 9:36 pm

NAT internal address before passing to VPN

Tue Dec 20, 2016 1:47 pm

i need to nat 172.16.3.151 into 192.168.200.151 before it pass the ipsec vpn tunnel

Source Network Translated Network Remote Network

172.16.3.151 192.168.200.151 10.3.136.0

i need to know only how to translate 172.16.3.151 into 192.168.200.151 so if the 172.16.3.151 ping 10.3.136.0 the ping look like he came from 192.168.200.151
 
finalcutroot
newbie
Topic Author
Posts: 45
Joined: Sun Mar 09, 2014 9:36 pm

Re: NAT internal address before passing to VPN

Wed Dec 21, 2016 8:27 pm

any help
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT internal address before passing to VPN

Wed Dec 21, 2016 9:00 pm

/ip firewall nat
add chain=srcnat src-address=172.16.3.151 dst-address=10.3.136.0 action=src-nat to-addresses=192.168.200.151
 
finalcutroot
newbie
Topic Author
Posts: 45
Joined: Sun Mar 09, 2014 9:36 pm

Re: NAT internal address before passing to VPN

Wed Dec 21, 2016 9:30 pm

/ip firewall nat
add chain=srcnat src-address=172.16.3.151 dst-address=10.3.136.0 action=src-nat to-addresses=192.168.200.151

Many thanks bro, do i need to make static route as long this 192.168.200.151 is not listed on any of my router interface
your help is really appropriated
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT internal address before passing to VPN

Wed Dec 21, 2016 9:54 pm

Not necessarily. If it's used only for outgoing connections, it can work even without being assigned anywhere.
 
finalcutroot
newbie
Topic Author
Posts: 45
Joined: Sun Mar 09, 2014 9:36 pm

Re: NAT internal address before passing to VPN

Wed Dec 21, 2016 10:25 pm

but no traffic pass through the nat exempt
my nat exempt is
accept from 192.168.200.151 10.3.136.0 , but no hits
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT internal address before passing to VPN

Wed Dec 21, 2016 11:37 pm

If you have accept rule in srcnat chain to exempt traffic from default masquerade, and this new rule before it, you won't see additional hits there. Rule with action=src-nat is enough as end result. But it should be ok, because neither default masquerade will catch the connection.

If it doesn't work as it should, you probably need to post your config, so that someone can tell what exactly is going on.
 
finalcutroot
newbie
Topic Author
Posts: 45
Joined: Sun Mar 09, 2014 9:36 pm

Re: NAT internal address before passing to VPN

Fri Dec 23, 2016 8:46 pm

If you have accept rule in srcnat chain to exempt traffic from default masquerade, and this new rule before it, you won't see additional hits there. Rule with action=src-nat is enough as end result. But it should be ok, because neither default masquerade will catch the connection.

If it doesn't work as it should, you probably need to post your config, so that someone can tell what exactly is going on.

thank you bro, you saved me :)))))

Who is online

Users browsing this forum: cesarfernandez63, mszru, SanchoHa and 52 guests