Page 1 of 1

Convert from Cisco to Mikrotik

Posted: Tue Aug 14, 2018 12:37 pm
by Youssef
Hello everyone, at the level of my project I had a router Mikrotik that I have to configure it but unfortunately this is my first time that I use it. So, is there anyone who can help me in this level to convert my code from Cisco to Mikrotik?

My configuration is like this:
-------------------------------------------------------------------
interface F0/0
ip address 10.0.0.1 255.255.255.252
ip nat inside
interface F0/1
ip address 172.16.1.1 255.255.255.0
ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface F0/1 overload
ip nat inside source static 192.168.2.1 172.16.1.2
ip route 192.168.1.0 255.255.255.0 10.0.0.2
ip route 192.168.2.0 255.255.255.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 172.16.1.254
-------------------------------------------------------------------
Thank you.

Re: Convert from Cisco to Mikrotik

Posted: Tue Aug 14, 2018 2:58 pm
by jwier92
There is a start, I will look at the NAT later, I have to run now.

/ip address add interface=ether1 address=10.0.0.1/30
/ip address add interface=ether2 address=172.16.1.1/24
/ip route add dst-address=192.168.1.0/24 gateway=10.0.0.2
/ip route add dst-address=192.168.2.0/24 gateway=10.0.0.2
/ip route add dst-address=192.168.1.0/24 gateway=172.16.1.254

Re: Convert from Cisco to Mikrotik  [SOLVED]

Posted: Tue Aug 14, 2018 3:21 pm
by usdmatt
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether2
/ip firewall nat add chain=srcnat action=src-nat out-interface=ether2 src-address=192.168.2.1 to-addresses=172.16.1.2

Also looks like last reply forgot to change destination network in the default nat rule

/ip route add dst-address=0.0.0.0/0 gateway=172.16.1.254

Re: Convert from Cisco to Mikrotik

Posted: Tue Aug 14, 2018 3:34 pm
by jwier92
Thank you for catching my missing route and the NAT rules.

Re: Convert from Cisco to Mikrotik

Posted: Wed Aug 15, 2018 4:36 pm
by IPANetEngineer
Just a tip, MikroTik recommends using src-nat instead of masquerade when possible as the performance is much better than masquerade.

Re: Convert from Cisco to Mikrotik

Posted: Thu Aug 16, 2018 11:17 am
by usdmatt
I'm sure you're right but is there any information from Mikrotik which shows that src-nat is preferred over masquerade? All I can find is a post from a few years ago from Mikrotik support saying there should be no visible performance difference. (viewtopic.php?t=94776). I don't argue that src-nat may perform better (although you'd hope masq would effectively be coverted to src-nat internally), but I've not come across any specific recommendations to always prefer src-nat.

Also what would be the best way to convert masq to src-nat? By changing the rule and specifying a to-address, but no port, my gut feeling is that only the address would change and not port, which is no good if you might have multiple internal devices using the same src port. Specifying the to-port as a range appears in some examples, but doesn't work unless you specify tcp/udp, which means you'd have to have more than one rule.

Re: Convert from Cisco to Mikrotik

Posted: Thu Aug 16, 2018 1:33 pm
by nescafe2002
Not sure if MikroTik recommends it, but it was in one of the MUM presentations.

https://mum.mikrotik.com/presentations/ ... 948376.pdf

Pages 22-26.

Re: Convert from Cisco to Mikrotik

Posted: Wed Sep 19, 2018 3:53 pm
by Youssef
Thank you everyone :)