1

We have the following setup which I need to get working:

  • Location A:
    • Subnet 1:
      • Network: 192.168.1.0
      • Mask: 255.255.255.0
      • Default Gateway: 192.168.1.1
    • Subnet 2:
      • Network: 192.168.2.0
      • Mask: 255.255.255.0
      • Default Gateway: 192.168.2.1
  • Location B:
    • Subnet 3:
      • Network: 192.168.3.0
      • Mask: 255.255.255.0
      • Default Gateway: 192.168.3.1

The default gateways of location A and B are connected via a VPN and ONLY route subnets 1 and 3. I cannot change the config of these gateways. What I need to achieve is that traffic going to a public subnet, e.g. 193.197.0.0, is routed through the default gateway of subnet 2.

What I did so far:

  • I added a MikroTik router at location A and B which is configured as follows:
    • Location A:
      • IP: 192.168.1.254, 192.168.2.254
      • Route: 193.197.0.0 -> 192.168.2.254
    • Location B:
      • IP: 192.168.3.254

Now, for location A and subnet 1 this works fine. However, I fail to set up the MikroTik at location 3 properly. I tried:

  • Route: 193.197.0.0/12 -> 192.168.1.254 (that does not work)
  • Set up an IPIP tunnel between the two MikroTiks and route 193.197.0.0/12 -> (IPIP tunnel)

Background: clients in subnet 1 and 3 need to access a certain website. However, the website can only be contacted through the gateway in subnet 2 (some high security stuff).

I'm pretty sure that this scenario can be solved with these routers but I need your help! Any ideas?

TylerDurden
  • It is really hard to follow your description. You say you can't figure out how to set up a router at `location 3`, but you don't give any details about the network or addresses assigned to the router at location 3, unless you are using confusing names. Are the VPNs terminating on these routers? If so, they probably have additional IP addresses and subnets you haven't told us about. Those are the addresses you probably should be using for your routes. Anyway, you need to **fill out the details**, and proofread to make sure that someone else can follow your description. – Zoredache Nov 16 '16 at 18:34
  • Also you seem to have other routers in place also? Since the default gateway for the subnets are not the addresses assigned to your mikrotik routers? We almost certainly need details about your other routers also. – Zoredache Nov 16 '16 at 18:37
  • Zoredache is exactly right. There absolutely are other IPs you are not telling us. We need the full output of `/ip address print` on each router, or just look at the IP -> Addresses screen and tell us all the IPs. – Dessa Simpson Apr 20 '17 at 20:07

1 Answer

0

The above setup only works if, in addition to the routes, NAT is enabled and configured properly.

See source nat on the Mikrotik Wiki: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Source_NAT

TylerDurden
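
The source NAT the answer refers to, combined with the IPIP tunnel from the question, as an added RouterOS example that is not part of the original question or answer. Interface names, tunnel names, the 10.255.255.0/30 tunnel addresses and the /16 prefix length are assumptions, as is the VPN passing IPIP (IP protocol 4) between 192.168.1.254 and 192.168.3.254.

```routeros
# --- MikroTik at location A ---
# Assumed: ether1 = subnet 1 (192.168.1.254), ether2 = subnet 2 (192.168.2.254)

# Tunnel endpoints are addresses in subnets 1 and 3, which the VPN routes.
/interface ipip add name=ipip-to-b local-address=192.168.1.254 remote-address=192.168.3.254
/ip address add address=10.255.255.1/30 interface=ipip-to-b

# Send the restricted destination to the default gateway of subnet 2.
/ip route add dst-address=193.197.0.0/16 gateway=192.168.2.1

# Source NAT: packets leave ether2 with source 192.168.2.254. The subnet 2
# gateway is assumed to have no route back to subnets 1 and 3, so without
# this rule the replies never reach the clients.
# The rule is scoped to the one destination prefix instead of masquerading
# everything that leaves ether2.
/ip firewall nat add chain=srcnat dst-address=193.197.0.0/16 \
    out-interface=ether2 action=masquerade comment="restricted site via subnet 2"

# --- MikroTik at location B (192.168.3.254) ---

/interface ipip add name=ipip-to-a local-address=192.168.3.254 remote-address=192.168.1.254
/ip address add address=10.255.255.2/30 interface=ipip-to-a

# Only the restricted destination goes into the tunnel.
/ip route add dst-address=193.197.0.0/16 gateway=10.255.255.1

# Masquerade into the tunnel so router A sees 10.255.255.2 as the source.
# Router A then needs no route for 192.168.3.0/24 through the tunnel; such a
# route would also capture the tunnel's own outer packets to 192.168.3.254.
/ip firewall nat add chain=srcnat dst-address=193.197.0.0/16 \
    out-interface=ipip-to-a action=masquerade comment="hide subnet 3 behind tunnel address"
```

Clients in subnet 3 use 192.168.3.1 as their default gateway, so they (or that gateway) still need a route for the destination prefix pointing at 192.168.3.254 before any of this takes effect.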