I have a client that can only use IPSEC connections due to company rules. I used to connect to this client using a SBC (session border controller), with a openswan vpn ipsec software, and that was fine because all my servers have a public and a internal address (google cloud plataform), he connects to the SBC, and SBC exchanges traffic with others virtual servers. Now have a mikrotik CCR1036 and physical servers, all of them have only external public IP address. I dont know how I supposed to do this now.
I have 2 internet gateways and a /27 IP address range.