Hi,
I am not a network engineer, but I am a relatively savvy tech user.
I have a simple (for you guys) configuration I need to set up and would greatly appreciate some help.
Setup:
I have a MikroTik CCR1009 and a Cisco SG200-50.
I have NetInstalled the MikroTik with 6.47.10 and set up some basic firewall rules.
I purchased 2 SFP modules and connected the devices with fiber.
The two devices will eventually be in separate locations linked by the fiber (approx 100m apart) but are currently in the same rack.
I am connecting the MikroTik to the internet using the Eth1 port as WAN.
This all works nicely. I enabled DHCP and I can connect and manage the device. I also have access to the internet from both the Cisco Switch and MikroTik router.
I have also set up an IPSec VPN mostly using this guide although the provider is not NordVPN:
https://support.nordvpn.com/Connectivit ... ordVPN.htm
I have since deleted the VPN config as I hacked it to pieces and wanted to start again fresh, which brings me to my question:
I would like to create 2 VLANs on the devices and assign the VLANs to different physical ports on both the Cisco and MikroTik.
I would like to send all traffic from VLAN_PRIVATE through the VPN and have the other traffic VLAN_PUBLIC (and also untagged traffic?) go to the internet directly.
If the VPN is down I want to make sure that VLAN_PRIVATE traffic does not go out to the local internet.
I am the sort of degenerate developer who cuts and pastes code and muddles through...
...but am well aware that when dealing with security and privacy it is rather crucial to know what one is doing!
Hence I am asking for advice and tips to get this right...
I have looked around and am lost here between beginner and advanced. Beginner guides don't go this far. Advanced guides assume too much knowledge.
e.g. I know I need to set a mangle rule to route the traffic to a black hole... but I don't know how one would go about doing this!
I think the steps are:
1 - Create VLANs
2 - Set up trunk through SFP with rules for VLANs
3 - Set up VPN (I have successfully done this once)
4 - Configure NAT rules or Mangle rules (not sure which) to route traffic through the VPN or directly to the internet
5 - Test to ensure traffic goes through the VPN
If anybody knows some guides that can walk me through this, that would be great!
Or, additionally, if someone has the patience to consult in enough detail that I can follow instructions, I would be more than happy to reimburse for time and coffee spent!
Many thanks in advance for any help.
2oby