I want to connect two offices, but I do not want to replace the ISP routers or set up the Mikrotik routers as main routers, as it's mainly a maintenance VPN and should not affect anything else. They are hEX devices (RB750Gr3).
It's basically a Site-to-Site VPN, and I have added RoadWarrior Clients as well (just not illustrated) so I can also connect from remote.
So I've set up the network above, and connected the Mikrotiks 2 times to the switch; one device is the "local" interface, the second one is the "WAN" interface, although it's in the same network.
So with the corresponding static routes on the main ISP routers, I can redirect the traffic to the Mikrotik devices and route them through the IPSEC Tunnel. The IPSEC tunnel is set up with mode configs, so the two Mikrotiks know "each other".
So my questions are:
1) Do I really have to use 2 connections to the Mikrotiks, can't I just use 1 connection, and receive the traffic on this connection and send it to the IPSEC on the same connection as well?
2) I cannot reach the ISP routers from the "other" side of the VPN. If I am at the client 192.168.2.100, I can't reach 192.168.0.1.
Basically it's working, I was just wondering if it's a "rookie bullshit" setup, or if it's the only way if I do not set up the Mikrotik routers as main routers handling DHCP and receiving all traffic, so put them before the ISP routers and set the ISP routers to bridging mode only.