This is normally a situation into which one can get only unintentionally. The solution should be as follows:
/ip firewall mangle
add chain=prerouting action=mark-routing dst-address=192.168.11.0/24 new-routing-mark=client-11
add chain=prerouting action=mark-routing dst-address=192.168.22.0/24 new-routing-mark=client-22
add chain=prerouting action=mark-routing dst-address=192.168.33.0/24 new-routing-mark=client-33
/ip firewall nat
add chain=dstnat action=netmap dst-address=192.168.11.0/24 to-addresses=192.168.2.0/24
add chain=dstnat action=netmap dst-address=192.168.22.0/24 to-addresses=192.168.2.0/24
add chain=dstnat action=netmap dst-address=192.168.33.0/24 to-addresses=192.168.2.0/24
/ip route
add routing-mark=client-11 gateway=l2tp-client11
add routing-mark=client-22 gateway=l2tp-client22
add routing-mark=client-33 gateway=l2tp-client33
Mangle takes place before NAT, so at that moment the packet's dst-address is still the distinct one, so we can assign the routing-mark. Then the dstnat translates the prefix from the distinctive one (192.168.xx) to the overlapping one (192.168.2), and finally the route with routing-mark sends matching packets out the appropriate L2TP interface.
In order for this solution to survive client disconnection and reconnection or a server reboot, you need to define static aliases for the L2TP client interfaces on the server side, if you haven't done so yet:
/interface l2tp-server
add name=l2tp-client11 user=client11
add name=l2tp-client22 user=client22
add name=l2tp-client33 user=client33
EDIT: fixed the mistake in the mangle rules as per the post below.
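The rule order described in the post above, as an added example that is not part of the original post: a simplified Python model (not RouterOS code) of the prerouting mangle, dstnat netmap and marked-route lookup, using the post's prefixes, marks and interface names. The function names and the reversed-order contrast case are hypothetical, added only to show why the mark has to be assigned before the overlapping 192.168.2.0/24 prefix appears.

```python
import ipaddress

# Rule tables mirroring the post's mangle, dstnat and route entries.
MANGLE = {
    "192.168.11.0/24": "client-11",
    "192.168.22.0/24": "client-22",
    "192.168.33.0/24": "client-33",
}
NETMAP = {prefix: "192.168.2.0/24" for prefix in MANGLE}
ROUTES = {
    "client-11": "l2tp-client11",
    "client-22": "l2tp-client22",
    "client-33": "l2tp-client33",
}


def mark_routing(dst):
    """Prerouting mangle: pick a routing mark from the still-untranslated dst."""
    for prefix, mark in MANGLE.items():
        if dst in ipaddress.ip_network(prefix):
            return mark
    return None


def netmap(dst):
    """dstnat netmap: swap the network bits, keep the host bits (1:1 mapping)."""
    for prefix, target in NETMAP.items():
        src_net = ipaddress.ip_network(prefix)
        if dst in src_net:
            dst_net = ipaddress.ip_network(target)
            host_bits = int(dst) & int(src_net.hostmask)
            return ipaddress.ip_address(int(dst_net.network_address) | host_bits)
    return dst


def forward(dst_text, mangle_first=True):
    """Return (translated dst, outgoing interface) for one packet."""
    dst = ipaddress.ip_address(dst_text)
    if mangle_first:                 # order described in the post
        mark = mark_routing(dst)
        dst = netmap(dst)
    else:                            # hypothetical reversed order, for contrast
        dst = netmap(dst)
        mark = mark_routing(dst)
    return str(dst), ROUTES.get(mark)


if __name__ == "__main__":
    for addr in ("192.168.11.57", "192.168.22.57", "192.168.33.57"):
        print(addr, "->", forward(addr), "| reversed:", forward(addr, False))
```

All three distinct addresses translate to the same 192.168.2.57, so only the mark taken before translation tells the tunnels apart; in the reversed case no interface can be selected.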
Dear all,
I have 2 sites.
Site A will be the VPN server.
I want Site B to be connected to Site A through a VPN, and I will dial a Windows client VPN on my desktop and be able to access Site B LAN resources.
How can I deploy this?
Please suggest any ideas for that.
Thanks
Regards