Page 1 of 1

IPSec mikrotik-mikrotik and DNAT

Posted: Tue Mar 11, 2014 10:37 pm
by guglez
Hi,

I have two mikrotik routers. One router has real IP address assigned directly to the router (as usual). Another router don't have a real IP assigned to it's interface. Instead of that the real IP is assigned via DNAT by our ISP. Is it possible to establish an IPSec tunnel for this configuration? I've tried but had no luck.

Re: IPSec mikrotik-mikrotik and DNAT

Posted: Thu May 22, 2014 12:32 pm
by guglez
Bump

Отправлено с моего GT-N7100 через Tapatalk

Re: IPSec mikrotik-mikrotik and DNAT

Posted: Tue May 27, 2014 5:16 pm
by leonset
Try to use the internal IP address in the NAT'ed router ipsec policy. You will also need to put accept rules for ipsec traffic before your masquerade rule (if there's any in the ipsec router).

Something similar is explained here:
http://wiki.mikrotik.com/wiki/Manual:IP ... behind_NAT