Zergling
just joined
Topic Author
Posts: 12
Joined: Fri Nov 04, 2011 9:20 pm

IPSec IKEv2 on Mikrotik client through double NAT (even triple)

Thu Jul 02, 2020 1:36 pm

I set up IPSec between two MikroTiks, of which the server is a router in the network with an external IP, and the client is an LTE terminal (SXT LTE) without a public IP. Everything got connected, Active Peers showed up on both sides, but... As you know, on LTE with most operators you will not get a public IP, therefore there is NAT somewhere at the operator and another (Masquerade) on the LTE interface in the MikroTik itself to handle the LAN.
My problem is that I can't push LAN traffic through the IPSec tunnel.
In ipsec I created a mode-config:
add name=cfg1 responder=no src-address-list=192.168.1.0/24
which creates dynamic NAT, but no packets go through it.
Theoretically there is one solution to do that. I have to push the traffic out through the double NAT: first through the dynamic NAT created by the IPSec rules, and after that (after the packet is encrypted) once again through the NAT or Masquerade of the LTE connection. But I don't know how to do this in the MikroTik firewall. Maybe some jump rules?
Please help me.
