Community discussions

MikroTik App
  4. RouterOS
  5. General

IKEv2 Enabling_dynamic_source_NAT_rule_generation  [SOLVED]

Post Reply
 
huntah
Member Candidate
Member Candidate
Topic Author
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

IKEv2 Enabling_dynamic_source_NAT_rule_generation

Tue Jun 23, 2020 8:54 pm

Hi,

I have setup RoadWarrior remote office behind NAT.
I use IKEv2 with mode-conf.

I have found that I can route all traffice from remote office over the tunnel via dynamic NAT rule generation.
https://wiki.mikrotik.com/wiki/Manual:I ... generation

Which is fine but I would like to limit this rule to only route remote subnet. If I create a static rule it stops working when the tunnel is recreated because the assigned IP is not static.
I do not use Radius (NPS) to assign fixed IP..

Is there any other way.. I think I could try and Mark packets..
But it would be I nice feature just to tick it in Winbox...
Top
 
huntah
Member Candidate
Member Candidate
Topic Author
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: IKEv2 Enabling_dynamic_source_NAT_rule_generation  [SOLVED]

Tue Jun 23, 2020 9:04 pm

Ok,

Connection Mark works perfect for this:
Code: Select all
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=LOCALSUBNET new-connection-mark=VIAIPSECTUNEL passthrough=yes src-address=REMOTESUBNET
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 127 guests
  4. RouterOS
  5. General