Mikrotik Site-to-Site VPN with NAT?
Good afternoon, dear ones!
Here is the problem. I set up a Site-to-Site VPN. The tunnel is up, everything seems to be OK. But the traffic does not go.
Scenario:
Local network: 192.168.100.0/24
Virtual IP: 172.20.33.100
According to the scenario, traffic coming from the local network will be routed to the virtual IP. Then, the IPSec policies are written to encrypt traffic from the virtual IP to the partner. When I try to ping, NAT is applied, but the ping does not pass. I tried different firewall filter configurations; it doesn't work.
Can someone tell me where to dig?
In general, the problem was solved after I set unique instead of require as the Encrypt Level in IPSec Policies.
But now there is another problem. If I disable Internet access for this server, VPN traffic does not go. Apparently the route is looking for the WAN interface. The problem was temporarily solved by two rules. If the traffic goes from the server to the partner's internal network, then I give access to the Internet, blocking everything else.
If someone has a better solution I will be glad.
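The setup described in the question and answer above, written out as RouterOS commands. This is an added example, not the poster's configuration: the partner subnet 10.0.0.0/24 and the peer name "partner" are assumed placeholders, the peer and its identity are assumed to exist already, and the peer= parameter assumes RouterOS 6.44 or later.

```routeros
# Added example. 10.0.0.0/24 (partner LAN) and the peer "partner" are
# assumed placeholders; replace them with the real values.

# 1. Translate the local network to the virtual IP, only for traffic
#    bound for the partner. This rule has to sit above any general
#    masquerade rule in the srcnat chain, otherwise masquerade matches
#    first and the packet leaves with the WAN address instead.
/ip firewall nat add chain=srcnat \
    src-address=192.168.100.0/24 dst-address=10.0.0.0/24 \
    action=src-nat to-addresses=172.20.33.100 \
    comment="LAN to virtual IP for partner VPN"

# 2. IPsec policies are evaluated after srcnat, so the policy must match
#    the translated source (the virtual IP), not 192.168.100.0/24.
#    level=unique is the value the answer reports as working; the first
#    attempt used level=require.
/ip ipsec policy add peer=partner tunnel=yes action=encrypt level=unique \
    src-address=172.20.33.100/32 dst-address=10.0.0.0/24 \
    comment="virtual IP to partner LAN"

# 3. Checks after sending a ping from the local network:
#    - the NAT rule's packet counter should increase
#    - the policy should show an established phase 2 state
#    - the installed SAs should show byte counters growing in both directions
/ip firewall nat print stats
/ip ipsec policy print
/ip ipsec installed-sa print
```

If the NAT counter grows but the SA byte counters stay at zero, the packet is being translated but is not matching the policy selectors, which points at the src-address or dst-address of the policy.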