Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Route mail flow between two sites with Mikrotik routers

Post Reply
 
TerryB
just joined
Topic Author
Posts: 1
Joined: Sat Jun 29, 2019 10:48 pm

Route mail flow between two sites with Mikrotik routers

Sun Jul 14, 2019 11:12 am

Hi! I think that this is easy, but I'm absolutly new to Mikrotik and RouterOS. So, please, help!

We have:
Two Sites: A and B. Each of them has its own wired internet connection.
In Site A we have hardware Mikrotik router connected to internet through NAT with provider's router.
In Site B we have virtual Mikrotik router connected to internet through NAT with provider's router.
We've connected these two Mikrotik routers with IPSec Site-to-Site connection between them. (it was not easy :))
In Site A we have mail server, which is connected to internet through NAT with provider's router (not using Mikrotik).

We need:
We are going to move mail server from Site A to Site B. But we need to keep mail routing (incoming and outcoming mail) through origin Site A internet IP-address.
In Site B mail server will be connected to virtual Mikrotik router connected to internet through NAT with provider's ethernet router.
(We've got these Mikrotik routers specially for this task)

What and how do we need to configure on both Mikrotik routers to implement this?

Additional task. We need to route Exchange ActiveSync, OWA and etc. requests coming to original Site A IP-address to mail server, which will be moved to Site B . But it seems that it could be done in the same way as mail routing in the main task.

Thanks in advance!
Top
 
pe1chl
Forum Guru
Forum Guru
Posts: 10231
Joined: Mon Jun 08, 2015 12:09 pm

Re: Route mail flow between two sites with Mikrotik routers

Sun Jul 14, 2019 12:39 pm

Do these two sites have a fixed external IP address?
If so, I would advise to replace the IPsec site-to-site connection with a tunnel (GRE or IPIP) over IPsec.
Just delete the site-to-site configuration, create a GRE interface at each end, and enable IPsec on it.
Then at each end add an IP address to the tunnel interfaces that is not inside one of the two networks you use at the sites, e.g. 10.0.0.1/30 and 10.0.0.2/30.
Now you can route the traffic between the sites by setting static routes to the network at the other side via the gw of the other site (the above 10.0.0.1 or 10.0.0.2).
This is a lot easier to get going, and you need no tricks in the NAT table to avoid NATting the traffic between the sites.
Furthermore, you can now route ANY traffic between the sites, including the forwarded mail traffic.
So you can now change the dst-nat address to the new mailserver address. To get the return traffic back to internet via the same path, you apply a connection mark to traffic incoming via the GRE tunnel, and route back traffic with that connection mark to the same tunnel.
Top
Post Reply

Who is online

Users browsing this forum: Kanzler, kkeyser, unam83 and 53 guests
  4. RouterOS
  5. Beginner Basics