if my device that i want to log in (web) is in the VRF group.
What needs to be done to be able to get access?
i thing Mangle will help. any advice?

I'm accessing remotely by using web-proxy.

I did not understand the meaning of "a device is in a VRF group". Communication with the router itself bypasses any VRF handling. So be more verbose (or even more illustrative) regarding the topology, please.

Hi sindy,

the topology is really simple.

The core device is gateway for the my LAN subnet at cpe site.
On that subnet is sitting my server or anything that i can login remotely.

At the moment im doing that by "web-profy", even with "port forwarding" i will get same result because the ip that im looking for is not in the main routing table.

So i thing i need to do something with tha Mange to leak that ip in to the main table, is that make sense to you?


that is my e.g.

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=server_ip new-routing-mark=vrf1 passthrough=yes src-address=???
add action=mark-routing chain=prerouting dst-address=??? new-routing-mark=main passthrough=yes routing-mark=vrf1 src-address=server_ip

Where "???" are, im not sure which ip need to be there

Sindy fixed!

/ip route rule
add routing-mark=vrf1 src-address=server_ip table=main
add dst-address=server_ip table=vrf1
i found easy in ip rule.

im wondering how the proper conf would be on Mangle?