Hello everyone, I just noticed one issue that I cannot even name properly but I´ll try to explain.
Situation one:
I have an Site-to-Site IPsec tunnel working fine, two Cisco routers, two networks:
192.168.1.0/24 and 192.168.18.0/24
Both ciscos running at 192.168.1.1 and 192.168.18.1
Traffic is passing fine, everything works.
IF from server 1 with IP 192.168.1.250 (SRC) I open another server with IP 192.168.18.250 (DST) , on destination server I see remote connection from 192.168.1.250:xxxxx to local 192.168.18.250:443
IF I mirror the sides, i get exactly opposite behaviour (192.168.1.250:443 as destination server sees request from 192.168.18.250:xxxxx)
Situation two with MikroTik
Lets just say I replace Cisco on the 18.0/24 subnet, what happens is this:
IF from server 1 with IP 192.168.1.250 (SRC) I open another server with IP 192.168.18.250 (DST) , on destination server I see remote connection from 192.168.18.1:xxxxx to local 192.168.18.250:443
On the remote server with Cisco I see 192.168.1.250:xxxxx > 192.168.18.250:443
xxxxx is some random outgoing port.
Why on the Mikrotik side I always see traffic coming from gateway address and not directly from source? But with two cheap SMB Ciscos I see source and destination addresses just fine?
Why is this happening? Is this some kind of NAT or something ? Routing issue?
Thank you very much for help
Re: Really strange IPsec Mikrotik issue
So I just realized this also happens with Intervlan routing, what the heck is going on? Why is this happening?
The text in the red boxes is what Windows/Linux is reporting, basically everything is seen as traffic originating from gateway itself, why?? I never experienced this kind of behaviour on Cisco switches or routers, they always showed me where is traffic originating from, Mikrotik is hiding everything behind itself, even on VPNs.
The text in the red boxes is what Windows/Linux is reporting, basically everything is seen as traffic originating from gateway itself, why?? I never experienced this kind of behaviour on Cisco switches or routers, they always showed me where is traffic originating from, Mikrotik is hiding everything behind itself, even on VPNs.
You do not have the required permissions to view the files attached to this post.
Re: Really strange IPsec Mikrotik issue
We need configuration so we can help. Blind guess is like you assumed - NAT, but there could be also a lot of other things.
Re: Really strange IPsec Mikrotik issue
Check your srcnat rules. It can't be unlimited masquerade as usual, because it would also break the tunnel. But it does look like there's srcnat for traffic going to LAN.
Re: Really strange IPsec Mikrotik issue [SOLVED]
Thank you guys for pointing me to the right direction, there were two rules
ip firewall nat chain=srcnat action=masquerade dst-address=192.168.18.0/24
ip firewall nat chain=srcnat action=masquerade dst-address=192.168.19.0/24
So basically everything that was natted came through gateway, since i have servers only on 18.0/24 network, i deleted the second rule and added src-address rule to create hairpin nat originating from 18.0/24 to 18.0/24
Everything is ok now.
Thank you both
ip firewall nat chain=srcnat action=masquerade dst-address=192.168.18.0/24
ip firewall nat chain=srcnat action=masquerade dst-address=192.168.19.0/24
So basically everything that was natted came through gateway, since i have servers only on 18.0/24 network, i deleted the second rule and added src-address rule to create hairpin nat originating from 18.0/24 to 18.0/24
Everything is ok now.
Thank you both