apleschu

IPsec with NAT understanding problem

Fri Oct 22, 2021 3:10 pm

Environment: RouterOS7

We hold a number of VPN tunnels open at all times: some for our developers, some for our customers, and lastly some for our systems out in the field.

The VPN protocols we are using are WireGuard and IPsec. All this is an existing environment into which the MikroTik router is being dropped in as a VPN gateway and firewall.

The Environment looks approximately like this:

---- Internal LANS ----
192.168.4.0/24 and 192.168.150.32/27
|
ROUTER
192.168.100.10
|
|
192.168.100.1
MikroTik 4011
(Firewall, VPN gateway)
||
||
Internet/VPNs

I hope the "drawing" is clear enough. Basically we have two internal subnets: one that needs to have connections to the outside world and into the VPNs, and one that does not. Almost everything works, up to and including IPsec, with one slight exception. I have two IPsec VPNs that need to have the source IP rewritten to a different one. For the sake of the document, let's assume that my IP (many-to-one is sufficient), instead of 192.168.4.50, needs to be rewritten to be 192.168.17.1 on the other end of the IPsec tunnel. This rewriting is where I am stumbling. I know how to use src- and dst-nat; just the connection with IPsec is where I can't seem to get a handle. All the other IPsec tunnels are "transparent": I am showing up on the other end with my "original" IP.

Can someone describe this last step for me?
