Community discussions

MikroTik App
 
jbasford
just joined
Topic Author
Posts: 2
Joined: Tue Apr 26, 2022 8:18 am

Outbound routing question

Tue Apr 26, 2022 10:31 am

Hi all - thanks in advance for any help given. I've got a strange outbound routing question. I've got 2 routers, with a series of devices connected behind them, one in New Zealand, one in Australia. Our NZ device is not given a Public WAN address by our ISP, while our Australian device is given 2 (on purpose). We have a finance app that needs to talk to and from the Internet via the second Public IP we are given on our Australian connection. I already have an outbound NAT rule in place so that the finance workstation in Australia NATs out all Internet traffic from the right IP address, but how do I do the same from a new finance workstation in NZ?

I've attached a quick diagram of the network layout for easy reference.

Australia Router #1
WAN IP 1– 130.102.4.19
WAN IP 2 - 130.102.4.20
LAN IP – 192.168.20.1/24

New Zealand Router #2
WAN IP – 10.10.10.10
LAN IP – 192.168.10.1/24

PC #2 in Australia = 192.168.20.45 and outbound NAT's to the 130.102.4.20 WAN IP 2.
PC #2 in NZ = 192.168.10.55 and needs to cross the VPN tunnel and outbound through the same Public IP now.

How do I configure the NZ router to forward all traffic across to Australia, and then have the Australian router NAT the traffic back over the VPN successfully?

Thanks for any help and guidance

Jay
You do not have the required permissions to view the files attached to this post.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Outbound routing question

Tue Apr 26, 2022 11:05 am

Hello @jbasford, welcome to the forum!

If I understand it correctly: you already have got a site-to-site VPN between net 192.168.10 (NZ) and 192.168.20 (AU) up and running. Now you want to relay ALL traffic from NZ through the AU router?

If so, perhaps something similar to this is applicable: "Site-To-Site VPN tunnel while accessing internet from one router"

EDIT:
Assuming you are using IPsec, you may skip the "road warrior" part at the end of the post as I assume that NZ is already configured as an IPsec initiator due to lack of public IP.
 
jbasford
just joined
Topic Author
Posts: 2
Joined: Tue Apr 26, 2022 8:18 am

Re: Outbound routing question

Wed May 04, 2022 11:15 am

Larsa - thanks for the quick reply and apologies it has taken me a while to get back to you.

I don't need to route the whole network from one side of the VPN to the other, I just need to route a specific PC on the NZ side to be outbound across the link and to appear to the Internet as coming from Australia.
 
User avatar
Milotop
newbie
Posts: 26
Joined: Mon May 15, 2017 1:01 pm

Re: Outbound routing question

Wed May 04, 2022 3:36 pm

If the tunnel is an interface you could mark the routes for source address 192.168.10.55 and select the AUS gateway as default gateway for that mark. If the tunnel is policy based you could just include that source address in the policy and set the default gateway correctly on the PC.

Who is online

Users browsing this forum: hjf and 81 guests