Hi,

I have a problem that is a bit annoying for me. I will say I am new to MikroTik so I am properly missing something.

The problem I have is that we uses four VPN-tunnels to different sites and on each site there a phones counting to the central IPPBX over the IPSec tunnel. The problem I have now is that then you look at the packages that is send to the PBX the IP Source IP is the MikroTik router instead of the phones IP address. This corses a problem as we filter on source IP adress on the PBX to secure each extension. So now all extension comes form the same ip subnet, that is 192.168.1.0/24 instead of from each uniq subnet.
All other routers I have been working with earlier has not changed the source IP address on an IPSec tunnel.
The idea with a IPSec tunnel is that the complete IP package is encapsulated before encrypted and then transmit over the network.
Is there setting I am missing to correct this issue?

Have you excluded IPSEC traffic from NAT?

https://wiki.mikrotik.com/wiki/Manual:I ... ack_Bypass

Thanks for the help.

That solved it. I had added the srcnat rule but not the firewall raw rule.