Community discussions

MUM Europe 2020
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Tue Jul 10, 2012 1:21 pm

How to get traffic to hosts with VPN but not NAT?

Tue Nov 03, 2015 7:27 am


Simple question here, I think.
Screen Shot 2015-11-03 at 1.14.43 pm.png
What rule is required on the bottom router to allow 'User 1' to get traffic (single TCP port) to Device 1 and 2? Will dst-nat work when there is no NAT masquerading on the VPN-client router?

For eg., will:
/ip firewall nat add chain=dstnat dst-address= protocol=tcp dst-port=8080 action=dst-nat to-addresses= to-ports=80
Let the remote user see a web-server on Device 2 if he browses to whilst also being connected to the VPN server?

You do not have the required permissions to view the files attached to this post.
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Fri Sep 25, 2015 1:26 pm

Re: How to get traffic to hosts with VPN but not NAT?

Tue Nov 03, 2015 8:31 am

Without NAT on SSTP router it is possible in three ways:

- (preferred) add route to the customer router via Otherwise the response packet from will not find it's way to the SSTP client, since it will be forwarded to the customer router.
- Add via route to Device1 and Device2 routing tables
- Configure the Device1 and Device2 to use as their default gateway

But I think that adding a NAT on SSTP router is the easiest solution

Who is online

Users browsing this forum: No registered users and 86 guests