I'm trying to have a Cisco AP in my lab connect to a remote controller hosted by our ISP for testing.

I've been advised by my ISP that I need to use the following rule in order for it to work correctly, but this is intended for a Cisco IOS device:
I've tried all sorts on my Mikrotik (src nat, dst-nat) and can't seem to get the correct rule from the above.

Can anyone advise of the command I need to run to mirror the IOS command on my Mikrotik?

The Cisco AP has a local 172.16.x.x IP on our internal network and normally goes out via our default nat masquerade firewall rule just fine.

Thanks

J

So, mikrotik is your Main router and you want to have access to a controller connected to a cisco AP inside your local network ?

I dont know about cisco so i can not translate the command you provide...

The ISP's controller is a slightly odd set up, in that it's sitting behind IP 203.203.203.60 but configured to identify itself as 103.103.103.60.

So, I tell my AP to join a controller at 203.203.203.60. It talks to the controller fine, but because the controller identifies itself as 103.103.103.60, the AP then tries to do all further packets with 103.103.103.60.

Therefore, on my Mikrotik, I need to redirect any traffic from the AP, destined to 103.103.103.60, to actually go to 203.203.203.60 instead.

Thanks

J

If a packet is sent to 203.203.203.60 then your AP expects to get an answer from 203.203.203.60...

If your AP receives an answer from 103.103.103.60 it will discard the packets because it expects answer from 203.203.203.60 and not 103.103.103.60 ...

So i dont really see how this is going to work... Except if the 203.203.203.60 is a router and the 103.103.103.60 is a device behind that router...
Although a lot of details about the network are missing...

What you ask for is a simple dst nat rule but i dont think it will work...
Choose dst-nat with dst adress 103.103.103.60 and action dst-nat to adress 203.203.203.60