Code:
# R1
/system identity
set name=R1
/ip address
add address=10.1.2.1/30 interface=ether1 network=10.1.2.0
Code:
# R2
/system identity
set name=R2
/ip address
add address=10.1.2.2/30 interface=ether1 network=10.1.2.0
add address=10.2.3.1/30 interface=ether2 network=10.2.3.0
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.1.2.2 dst-port=1111 protocol=tcp \
to-addresses=10.2.3.2
add action=src-nat chain=srcnat dst-address=10.2.3.2 dst-port=1111 protocol=tcp \
to-addresses=10.2.3.1
/ip ipsec peer
add address=1.2.3.4/32 name=peer1 passive=yes
/ip ipsec policy
add dst-address=10.1.2.0/30 peer=peer1 src-address=10.1.2.0/30 tunnel=yes
Code:
# R3
/system identity
set name=R3
/ip service
set telnet port=1111
/ip address
add address=10.2.3.2/30 interface=ether1 network=10.2.3.0
With the IPSec policy, even when it is not active, packets go through dst-nat and disappear somewhere in "ROUTING DECISION", probably.
So, my question is not about the IPSec config; it is totally wrong. My question is about packet flow and the influence of IPSec on packet flow. Why did the packet disappear after PREROUTING (dst-nat)?