Hi,
I have a shiny new MikroTik RouterBoard RB2011UiAS-2HnD-IN and need some advice in relation to integrating it into my existing SOHO network.
I have a single subnet on my LAN (172.16.100.0/24). My connectivity to the Internet is via 3 x ADSL circuits (all connected to Netgear DG834Gv3 ADSL Routers). These 3 Routers are connected to another router which has a QuantumVPN built across these 3 connections, i.e. bonding my 3 ADSL connections together. The QuantumVPN box then connects directly to my LAN.
I thought the introduction of my RB would be easy...
Connect one RB interface to my LAN (replacing my QuantumVPN box as the DG, i.e. 172.16.100.1), then connect a 2nd interface on my RB (172.16.99.1) to the QuantumVPN box (having changed the IP address of this box to live on the new subnet, 172.16.99.2). Then add a static route for 0.0.0.0/0 on the RB pointing at 172.16.99.2 (i.e. the QuantumVPN box).
So I did this and I can reach 172.16.100.1 & 172.16.99.1 from my LAN but not 172.16.99.2 (although I can reach this from the RB itself).
Having thought about this I reckoned I need a route in my QuantumVPN box for 172.16.100.0/24 pointing to 172.16.99.1, but unfortunately it's not possible for me to add a static route to this box.
So I'm wondering if configuring NAT on the RB would help or whether bridging would be a good idea.
Some background info...
- I have to keep the QuantumVPN box because it's part of the service I've purchased
- The reason I purchased the RB is that I want to use it as a firewall to prevent any inbound access to my network
- Also (not covered in my existing simpler design) I want to route the three individual ADSL IP subnets via the RB (in separate isolated VLANs) so I can monitor the bandwidth/usage of each link
I've attached a sketch of my before/after networks
Thanks