Hi

I am wanting to ping devices for monitoring from NEMS from our company LAN 10.0.0.0/23 to several Wireless Access Points on our Hotspot network 172.16.16.0/24 in a secure manner. Both on different interfaces.

It does not seem to be possible to have a second interface on the NEMS box.

We have thought about 3 options.

My boss thinks we should simply be able to route the traffic on the Mikrotik Rb3011 directly allowing 172.16.16.0 ICMP traffic to the nems box 10.0.1.91. Is that even possible?

I think it would be better to NAT translate so that NEMS ping an ip address in the 10.0.0.0/23 network translates to the AP in the 172.16.16.0/24 network

Option 3 (less secure) allow pings out on the internet and allow rules for each device.

What would you do?

Thanks

Mark

How is your hotspot network (with the AP's) "connected" to the corporate RB3011 ? Or is there NO connection at all today and is this hotspot network a remote "island" somewhere...
Perhaps a simple VPN-tunnel would be solution (eg. across Internet) and then you can decide what traffic you allow through it.

There is currently an interface to the corporate LAN 10.0.0.0/23 but currently this purely as a management interface only for the Mikrotik. We still dont want the corporate and hotspot AP network connected other than pings

There is currently an interface to the corporate LAN 10.0.0.0/23 but currently this purely as a management interface only for the Mikrotik. We still dont want the corporate and hotspot AP network connected other than pings

Well then it is just a matter of routing + firewall-filter ?
I don't see any problem with that.