0

I would like to ask for your opinion. I need to find a secure way to manage small remote sites where I have RBs. We have an HQ, where Kerio Control is the FW, and a lot of small sites with various types of internet connectivity solutions, with different providers and devices. There is usually a device from the provider, where I have to forward ports to the RB. There is always a public IP address, though not directly on the interface but NATed from the ISP. My first thought was to establish a site-to-site L2TP/IPsec tunnel from the RB to Kerio, but I suppose it would be complicated and maybe not always possible because of NAT-T. Am I right? I need a universal solution, and the non-uniform internet connectivity solutions and NAT make it difficult. Is there any elegant solution for this? Thank you...

devlin
If you can't establish a proper network design for your remote sites with site-2-site VPNs linking them to your central datacenter and/or headquarters (which will add a lot of other benefits for your remote users/departments to access in-company resources in addition to much easier central management) then maybe setting up a VPN server in each location is the minimal one-off effort that will allow you easy remote access as an admin. Otherwise take [these considerations](https://serverfault.com/a/804674/37681) to select suitable (configuration) management tooling. – HBruijn Nov 06 '18 at 08:21

1 Answer

0

The best solution for you might be setting up a VPN server (L2TP / PPTP / ...) at your central site and using MikroTik at the other remote sites as a VPN client, by using VPN client interfaces like PPTP Client / L2TP Client. This way you only need to configure your central point (routing, NAT, ...), and the MikroTik at the remote sites can connect to the server even from behind a NAT network.

Arash
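A sketch of the remote-site side of the setup described in the answer above, added here as an example and not part of the original answer: the RB dials out to the central L2TP/IPsec server, and management services are reachable only through that tunnel. The hostname `vpn.example.com`, the account `site01`, the secrets, the interface name `l2tp-hq` and the HQ management subnet `10.10.0.0/24` are placeholders, and the rules assume an input chain with no earlier rules that would match first.

```routeros
# Remote-site RB (RouterOS). All names, addresses and secrets are placeholders.

# 1. Dial out to the central L2TP/IPsec server. The session is initiated from
#    behind the provider's NAT, so no port forward is needed at this site.
/interface l2tp-client
add name=l2tp-hq connect-to=vpn.example.com user=site01 \
    password="CHANGE-ME-PER-SITE" use-ipsec=yes \
    ipsec-secret="CHANGE-ME-PSK" allow=mschap2 \
    add-default-route=no disabled=no

# 2. Turn off management services that are not needed, and bind the remaining
#    ones to the HQ management subnet (assumed to be 10.10.0.0/24).
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
set ssh address=10.10.0.0/24
set winbox address=10.10.0.0/24

# 3. Input chain: accept replies to the router's own traffic, accept SSH and
#    WinBox only when they arrive over the tunnel from the management subnet,
#    and drop those ports on every other interface, including the WAN side.
/ip firewall filter
add chain=input action=accept connection-state=established,related \
    comment="replies to router-originated traffic"
add chain=input action=accept in-interface=l2tp-hq \
    src-address=10.10.0.0/24 protocol=tcp dst-port=22,8291 \
    comment="management only via HQ tunnel"
add chain=input action=drop protocol=tcp dst-port=22,8291 \
    comment="no management from WAN or LAN"
```

With this in place the existing port forwards for management on the provider device can be removed. A per-site account on the central server lets one site's credentials be revoked without touching the others.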