Hi Guys.
Is there anyway to have each router endpoint in an ipsec wan able to talk to each other?
If we configure DNS on one of the ipsec routers to use DNS of a sever in another network, the traffic routes out the wan. even with nat src rules in place.
-
-
nescafe2002
Forum Veteran
- Posts: 915
- Joined:
- Location: Netherlands
Re: IPSec spoke wan issue
Add a route for remote subnet via lan interface. This way the MT will pick correct source IP address.
Re: IPSec spoke wan issue
Do you mean dynamic spoke to spoke traffic? That's more of a feature of Cisco's DMVPN and isn't available in RouterOS.
If you mean traffic from a spoke to another spoke through the hub then that's totally possible. You shouldn't need NAT rules, particularly NAT exclusion styled rules. You just need to route the traffic appropriately. You can use OSPF with NBMA neighbors or BGP if you are using IPSec with L2TP or if you are using GRE wrapped in IPSec OSPF or RIP will via multicast and exchange routes.
If you mean traffic from a spoke to another spoke through the hub then that's totally possible. You shouldn't need NAT rules, particularly NAT exclusion styled rules. You just need to route the traffic appropriately. You can use OSPF with NBMA neighbors or BGP if you are using IPSec with L2TP or if you are using GRE wrapped in IPSec OSPF or RIP will via multicast and exchange routes.