Community discussions

MikroTik App
 
marioeit
just joined
Topic Author
Posts: 1
Joined: Wed Jun 06, 2018 12:34 pm

Problem with reaching 2 different networks - ipsec

Wed Jun 06, 2018 12:40 pm

Hey!

I have 2 RB 2011 in 2 different Locations.
RB1: 192.168.0.1
RB2: 192.168.88.1

They are connected via ipsec. The tunnel work's fine. I can also ping/reach from RB2 -> RB1
But from RB1-> RB2 i can only ping the Gateway (192.168.88.1), Computers, Printers, ap's... are not reachable.
Do i Need some more NAT Rules etc...? I have ony masquerade eth1 on both sides

Thanks for your Help
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Problem with reaching 2 different networks - ipsec

Thu Jun 07, 2018 3:47 pm

Hello, yes you need a rule like this :

/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.88.0/24 src-address=192.168.0.0/24 (Router 192.168.0.1)

and in the second router :

/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.0.0/24 src-address=192.168.88.0/24 (Router 192.168.88.1)

Place the rule in the top.

Thay are necessary to prevent masquerading the subnet.

Regards,

Who is online

Users browsing this forum: concretegolem, DoryIII and 17 guests