jeremyh
Frequent Visitor
Topic Author
Posts: 66
Joined: Tue Jul 10, 2012 1:21 pm

How to get traffic to hosts with VPN but not NAT?

Tue Nov 03, 2015 7:27 am

Hello

Simple question here, I think.
Screen Shot 2015-11-03 at 1.14.43 pm.png
What rule is required on the bottom router to allow 'User 1' to get traffic (single TCP port) to Device 1 and 2? Will dst-nat work when there is no NAT masquerading on the VPN-client router?

For example, will:
/ip firewall nat add chain=dstnat dst-address=10.0.1.10 protocol=tcp dst-port=8080 action=dst-nat to-addresses=172.16.100.6 to-ports=80
let the remote user see a web server on Device 2 if he browses to http://10.0.1.10:8080 whilst also being connected to the VPN server?

Thanks!
 
ulysses
Frequent Visitor
Posts: 79
Joined: Fri Sep 25, 2015 1:26 pm

Re: How to get traffic to hosts with VPN but not NAT?

Tue Nov 03, 2015 8:31 am

Without NAT on the SSTP router it is possible in three ways:

- (preferred) Add a route to the customer router: 10.0.1.0/24 via 172.16.100.4. Otherwise the response packet from 172.16.100.6 will not find its way to the SSTP client, since it will be forwarded to the customer router.
- Add a 10.0.1.0/24 via 172.16.100.4 route to the Device1 and Device2 routing tables
- Configure Device1 and Device2 to use 172.16.100.4 as their default gateway

But I think that adding a NAT on SSTP router is the easiest solution
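
The return-path reasoning in the reply above, as an added example that is not part of the original thread: a small longest-prefix-match model that traces where Device 2's reply goes with no fix, with each of the three routing options, and with NAT on the SSTP router. The /24 LAN mask, the customer router address 172.16.100.1 and User 1's VPN address 10.0.1.20 are assumptions; the other addresses are from the posts.

```python
import ipaddress

# 172.16.100.4, 172.16.100.6 and 10.0.1.0/24 come from the thread; the /24 LAN
# mask, the customer router address and User 1's address are assumed.
SSTP_LAN, DEVICE2, CUSTOMER_GW = "172.16.100.4", "172.16.100.6", "172.16.100.1"
USER1, LAN, VPN = "10.0.1.20", "172.16.100.0/24", "10.0.1.0/24"
OWNER = {SSTP_LAN: "sstp-router", DEVICE2: "device2", CUSTOMER_GW: "customer-router"}

def base_tables():
    """Routing tables before any fix: only the SSTP router knows the VPN subnet."""
    return {
        "device2": [(LAN, "on-link"), ("0.0.0.0/0", CUSTOMER_GW)],
        "customer-router": [(LAN, "on-link"), ("0.0.0.0/0", "wan")],
        "sstp-router": [(LAN, "on-link"), (VPN, "sstp-tunnel")],
    }

def lookup(routes, dst):
    """Longest-prefix match: gateway IP, exit label, 'on-link', or 'no-route'."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "no-route"

def reply_path(tables, dst, node="device2"):
    """Nodes a reply from Device 2 crosses on its way to dst."""
    path = [node]
    # Stop at the owner of dst, at an exit label, or at the hop limit.
    while node in tables and OWNER.get(dst) != node and len(path) < 8:
        hop = lookup(tables[node], dst)
        node = OWNER.get(dst if hop == "on-link" else hop, hop)
        path.append(node)
    return path

def scenarios():
    """Reply path with no fix, each of the three routing options, and NAT."""
    out = {"no fix": reply_path(base_tables(), USER1)}
    for name, node in (("route on customer router", "customer-router"),
                       ("route on devices", "device2")):
        t = base_tables()
        t[node].append((VPN, SSTP_LAN))
        out[name] = reply_path(t, USER1)
    t = base_tables()
    t["device2"][1] = ("0.0.0.0/0", SSTP_LAN)
    out["devices default gw"] = reply_path(t, USER1)
    # With src-nat on the SSTP router, Device 2 replies to 172.16.100.4 instead.
    out["nat on sstp router"] = reply_path(base_tables(), SSTP_LAN)
    return out

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:26} {' -> '.join(path)}")
```

In the NAT case Device 2 sees every VPN user as 172.16.100.4, so its logs and any address-based access rules no longer distinguish individual clients.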
