Hi there,
I notice some odd behaviour when troubleshooting. It appears some internal IPs are not being NAT'ed.
The scenario is a basic src NAT masquerade from LAN to WAN.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=eth01-WAN src-address=10.74.4.0/23 to-addresses=0.0.0.0
/ip address
add address=202.94.35.236/29 comment="WAN" interface=eth01-WAN network=202.94.35.232
add address=10.74.4.1/23 comment="LAN range." interface=eth02-LAN network=10.74.4.0
On the MikroTik we can find a sample connection as follows:
And the Reply DST Address is the public IP, as expected.
However, on the upstream router (Cisco) we can see flows arriving with both the private LAN IP and the publicly visible IP:
QBN-7APT-CO-GWC1#sh ip cache flow | i 189.47.84.9
Gi0/3.3 10.74.4.109 Gi0/2 189.47.84.9 06 F5E0 41DE 1
Gi0/3.3 10.74.4.109 Gi0/2 189.47.84.9 06 F76B 41DE 1
Gi0/3.3 202.94.35.236 Gi0/2 189.47.84.9 06 F9E1 41DE 2
Gi0/2 189.47.84.9 Gi0/3.3 202.94.35.236 06 41DE F9E1 2
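
Added example, not part of the original post: a small Python check that parses rows in the `sh ip cache flow` layout shown above (protocol and ports are hex) and lists flows whose source is still inside the LAN range while the destination is a public address. The function names `parse_flow` and `find_nat_leaks` are hypothetical; the sample rows and the 10.74.4.0/23 range are copied from the post.

```python
import ipaddress

# Rows copied from the flow-cache output quoted in the post.
SAMPLE = """\
QBN-7APT-CO-GWC1#sh ip cache flow | i 189.47.84.9
Gi0/3.3 10.74.4.109 Gi0/2 189.47.84.9 06 F5E0 41DE 1
Gi0/3.3 10.74.4.109 Gi0/2 189.47.84.9 06 F76B 41DE 1
Gi0/3.3 202.94.35.236 Gi0/2 189.47.84.9 06 F9E1 41DE 2
Gi0/2 189.47.84.9 Gi0/3.3 202.94.35.236 06 41DE F9E1 2
"""

def parse_flow(line):
    """Parse one row: SrcIf SrcIP DstIf DstIP Pr SrcP DstP Pkts.
    Returns None for prompts, headers and anything else that is not a flow row."""
    f = line.split()
    if len(f) != 8:
        return None
    try:
        return {
            "src_if": f[0], "src": ipaddress.ip_address(f[1]),
            "dst_if": f[2], "dst": ipaddress.ip_address(f[3]),
            # The flow cache prints protocol and ports in hexadecimal.
            "proto": int(f[4], 16),
            "sport": int(f[5], 16), "dport": int(f[6], 16),
            "pkts": int(f[7]),
        }
    except ValueError:
        return None

def find_nat_leaks(text, lan_net="10.74.4.0/23"):
    """Return flows that left the LAN range untranslated towards a public address."""
    lan = ipaddress.ip_network(lan_net)
    leaks = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow and flow["src"] in lan and flow["dst"].is_global:
            leaks.append(flow)
    return leaks

if __name__ == "__main__":
    for fl in find_nat_leaks(SAMPLE):
        print(f'{fl["src_if"]} {fl["src"]}:{fl["sport"]} -> '
              f'{fl["dst"]}:{fl["dport"]} proto={fl["proto"]} pkts={fl["pkts"]}')
```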