Hello everyone, at the level of my project I had a router Mikrotik that I have to configure it but unfortunately this is my first time that I use it. So, is there anyone who can help me in this level to convert my code from Cisco to Mikrotik?
My configuration is like this:
-------------------------------------------------------------------
interface F0/0
ip address 10.0.0.1 255.255.255.252
ip nat inside
interface F0/1
ip address 172.16.1.1 255.255.255.0
ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface F0/1 overload
ip nat inside source static 192.168.2.1 172.16.1.2
ip route 192.168.1.0 255.255.255.0 10.0.0.2
ip route 192.168.2.0 255.255.255.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 172.16.1.254
-------------------------------------------------------------------
Thank you.
Re: Convert from Cisco to Mikrotik
There is a start, I will look at the NAT later, I have to run now.
/ip address add interface=ether1 address=10.0.0.1/30
/ip address add interface=ether2 address=172.16.1.1/24
/ip route add dst-address=192.168.1.0/24 gateway=10.0.0.2
/ip route add dst-address=192.168.2.0/24 gateway=10.0.0.2
/ip route add dst-address=192.168.1.0/24 gateway=172.16.1.254
/ip address add interface=ether1 address=10.0.0.1/30
/ip address add interface=ether2 address=172.16.1.1/24
/ip route add dst-address=192.168.1.0/24 gateway=10.0.0.2
/ip route add dst-address=192.168.2.0/24 gateway=10.0.0.2
/ip route add dst-address=192.168.1.0/24 gateway=172.16.1.254
Re: Convert from Cisco to Mikrotik [SOLVED]
Code: Select all
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether2
/ip firewall nat add chain=srcnat action=src-nat out-interface=ether2 src-address=192.168.2.1 to-addresses=172.16.1.2Also looks like last reply forgot to change destination network in the default nat rule
Code: Select all
/ip route add dst-address=0.0.0.0/0 gateway=172.16.1.254Re: Convert from Cisco to Mikrotik
Thank you for catching my missing route and the NAT rules.
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: Convert from Cisco to Mikrotik
Just a tip, MikroTik recommends using src-nat instead of masquerade when possible as the performance is much better than masquerade.
Re: Convert from Cisco to Mikrotik
I'm sure you're right but is there any information from Mikrotik which shows that src-nat is preferred over masquerade? All I can find is a post from a few years ago from Mikrotik support saying there should be no visible performance difference. (viewtopic.php?t=94776). I don't argue that src-nat may perform better (although you'd hope masq would effectively be coverted to src-nat internally), but I've not come across any specific recommendations to always prefer src-nat.
Also what would be the best way to convert masq to src-nat? By changing the rule and specifying a to-address, but no port, my gut feeling is that only the address would change and not port, which is no good if you might have multiple internal devices using the same src port. Specifying the to-port as a range appears in some examples, but doesn't work unless you specify tcp/udp, which means you'd have to have more than one rule.
Also what would be the best way to convert masq to src-nat? By changing the rule and specifying a to-address, but no port, my gut feeling is that only the address would change and not port, which is no good if you might have multiple internal devices using the same src port. Specifying the to-port as a range appears in some examples, but doesn't work unless you specify tcp/udp, which means you'd have to have more than one rule.
-
-
nescafe2002
Forum Veteran
- Posts: 897
- Joined:
- Location: Netherlands
Re: Convert from Cisco to Mikrotik
Not sure if MikroTik recommends it, but it was in one of the MUM presentations.
https://mum.mikrotik.com/presentations/ ... 948376.pdf
Pages 22-26.
https://mum.mikrotik.com/presentations/ ... 948376.pdf
Pages 22-26.
