Hello, I've setup a Hex in my staging area in order to prep my machines under the correct IP settings for when they are deployed to stores.

We use static 10. IP's in the stores so we know what everything is.

Anyway the issue I'm encountering is that while those machines are connected to that Microtik they are unable to access anything on our main network which is where all my setup files are located. That network is on a 192. IP range. (the Microtik is setup with a static 192. IP and the appropriate DNS for it access internet and be visible on the network)

So if I need to access an exe or a config file I need to physically unplug the Microtik from the main network, plug it's cable into the machine I need to copy files to and reset the settings to DHCP with the correct DNS on the computer as well.

I am unsure what it is that I even need to setup for this to happen so my searches have been less that fruitful so any help would be appreciated.

Thanks.

We can't tell you the specifics of your network - this is for your network administrator to help you with. In a basic sense, whatever IP's are given out by this new mikrotik either needs to be NAT to your main or 'parent' network, or your router on your parent network needs to have a route back to the new mikrotik for the IP's you are using on it.

This is a basic network issue not a Mikrotik issue - and its very specific to your setup and network design so you may not get much help here.

Like @joegoldman sayed,

Solution A: NAT/Masquerade on Mikrotik-Router
Basic Exemple:
Solution B: Static Routing
Your Main-Router doen't know where to send Trafffic for 192.X.X.X
so you will need to add a Route, that tells the Main router to send 192.X.X.X to your Mikrotik.

provide a network diagram of how all are connected.
Its not very clear............

If you have access on site, the admin PC should be able to reach every MT device in the building.
If you use remote access, better be by VPN, the same is true.

provide a network diagram of how all are connected.
Its not very clear............

If you have access on site, the admin PC should be able to reach every MT device in the building.
If you use remote access, better be by VPN, the same is true.

Physically
Astaro (192.168.0.1) -> Switches -> Office Jack -> Microtik(10.1.20.1) -> Staging PC's

Server level we have two AD domain controllers (192.168.0.3 and 192168.0.5) , one of which provides DHCP and DNS for the main network.

Microtik is setup to use 192.168.0.17 as it's IP and uses .3 and .5 as it's DNS.

It's setup this way because the firewall is configured to allow only a select few IP's to download files from the internet so when I need to... say install MS Office or .NET 3.5 for SQL Server requirements I need to do it from one of those allowed IP's which .17 is.

As @ConnyMercier wrote: you need to establish NAT on mikrotik for all traffic exiting towards main network.