
Port forward via ipsec tunnel

Discussion in 'Networking' started by horladoqun, May 20, 2015.

Thread Status:
Not open for further replies.
  1. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    I have an issue that begs for a solution quickly.
    There are 2 MikroTik routers in my office.
    The first one, mtA, has a Telco APN IP 172.17.10.200 configured on it. The Telco gave us SIMs which bear 172.52.57.0/24.
    The other, mtB, bears our internet IP, configured for an IPsec Tunnel, and the LAN IP address (192.168.5.0) is masqueraded too. One of the LAN ports of mtB is connected to mtA such that communication can be established between LAN and APN.
    With the IPsec Tunnel on mtB, traffic from outside can get to the APN too.
    Tunnel Settings:
    Site A (me)
    WAN: 5.5.5.5
    LAN: 192.168.5.0/24
    Site B (other side)
    WAN: 2.2.2.2
    LAN: 192.168.1.0/24
    Now here is where I need help: I want to forward a port to a system 192.168.1.25 on the other end of the Tunnel.
    Please I need help!!!
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    A network diagram will do wonders in helping to understand your network layout and what you're trying to accomplish.
     
  3. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello zx10guy,
    Please find below:
     

    Attached Files:

  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    Are you trying to allow access to 192.168.1.25 for users on the 192.168.5.0 network or are you looking to expose 192.168.1.25 to the Internet for access?
     
  5. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    I am trying to access 192.168.1.25:300 from both 192.168.5.0/24 and 172.17.10.200 (APN)
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    This is a routing issue.

    I don't know much about the MikroTik routers. But you'll need to add a static route entry on the mtB and mtA routers to use the IPsec tunnel to get access to the box on 192.168.1.25. The same goes with the site B router, where it needs route entries for the 192.168.5.0 network and the 172.17.10.200 host.

    I'm surprised the 192.168.5.0 network is unable to communicate to 192.168.1.25 as isn't that the reason you have the IPSEC site to site tunnel in the first place? Is the IPSEC tunnel working?
     
  7. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    IPsec Tunnel is working and the 192.168.5.0/24 can comfortably communicate with 192.168.1.0/24.
    What I really want to achieve is that 172.17.10.200 host (POS terminals) communicate with 192.168.1.25:300 which is the box hosting its software app.
     
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    Then you need to add a route entry on the mtA router to use mtB as the gateway to the 192.168.1.0 network. At the site B router, you need to put in a route entry stating to get to the 172.17.10.200 host to use the VPN tunnel. There's no need to do any port forward rules for this to work. It's a simple routing issue.
     
  9. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello zx10guy,
    Thanks for your replies.
    The thing is, traffic from site B of the tunnel can get to the APN SIMs, but where the problem seems to be is when a device at my side of the tunnel initiates traffic: it does not get to 192.168.1.25:300.
    I have added a route on mtA to use mtB as gateway, but mtA reports mtB is not reachable.
    See screen shot:
     

    Attached Files:

  10. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello zx10guy,
    I have been in discussion with my telco and based on it, traffic from the POS now gets to my LAN.
    I did a traceroute with a SIM in a modem. I noticed the traffic hops from the telco, to the radio at my office, to my router and then to my internet gateway. But the traffic goes elsewhere from there and it does not locate the needed box.
    Remember I mentioned in my earlier post that I have a VPN connection to a partner network and the box I am trying to reach is within their network. I do not have any issues connecting to the partner via VPN with systems within my LAN, but the SIM does not, though the result from the traceroute gets to my LAN then to my internet gateway... I wish that traffic from the POS goes through the Tunnel.
    HOW DO I DO THIS?
     
  11. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    I don't know anything about the MikroTik routers you have. Are you able to post up a config or at least paste up the routing table of the routers?

    What is the default gateway of the devices you're trying to have talk to each other?
     
  12. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello zx10guy,
    Attached is the route list on the router.
    ether5 is the public interface,
    172.21.1.0/24 is the LAN, which can reach the SIM (10.80.8.0/22) via 192.168.88.9.
    The SIM is also able to reach 172.21.1.246 only.
    10.80.8.0/22 is the SIM address block.
    Tunnel communication with the partner is good with the LAN, but I desire also that traffic to the partner goes through the tunnel, not through the open internet.
     

    Attached Files:
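The routing advice in post 8 and the traceroute symptom in posts 10 and 12 come down to one RouterOS detail: a policy-based IPsec tunnel encrypts only packets whose source and destination match an `/ip ipsec policy` selector, and on MikroTik the srcnat chain (masquerade) runs before that match. A packet from the POS at 172.17.10.200 to 192.168.1.25 matches neither the 192.168.5.0/24 selector nor a NAT bypass, so it follows the default route out the public interface, is masqueraded to the WAN address and leaves in cleartext, which is exactly the "goes elsewhere from my internet gateway" path the traceroute showed. The configuration below is an added example written for this thread, not something any participant posted. The tunnel endpoints 5.5.5.5 / 2.2.2.2 and LANs 192.168.5.0/24 / 192.168.1.0/24 are taken from post 1; the APN block 172.17.10.0/24, mtB's LAN address 192.168.5.1, mtA's LAN address 192.168.5.2 and the `proposal=default` name are assumptions (post 12 later quotes different addresses, 172.21.1.0/24 and 10.80.8.0/22; substitute accordingly).

```routeros
# ===== mtB (site A VPN router, WAN 5.5.5.5) =====
# Assumed existing policy for the working LAN-to-LAN tunnel (from post 1):
#   /ip ipsec policy add src-address=192.168.5.0/24 dst-address=192.168.1.0/24 \
#       sa-src-address=5.5.5.5 sa-dst-address=2.2.2.2 tunnel=yes action=encrypt proposal=default
# Traffic from 172.17.10.0/24 (assumed APN block) matches none of it today.

# 1. Second policy so APN-sourced traffic is also encrypted. Selectors must
#    mirror the partner's policy exactly or phase 2 will not negotiate.
/ip ipsec policy add src-address=172.17.10.0/24 dst-address=192.168.1.0/24 \
    sa-src-address=5.5.5.5 sa-dst-address=2.2.2.2 tunnel=yes action=encrypt \
    proposal=default comment="APN (POS) -> partner LAN"

# 2. Keep masquerade away from tunnel traffic. srcnat runs before the policy
#    match, so without this the selector sees 5.5.5.5 as source and never hits.
#    place-before=0 puts the accept rules ahead of the existing masquerade rule.
/ip firewall nat add chain=srcnat action=accept src-address=172.17.10.0/24 \
    dst-address=192.168.1.0/24 place-before=0 comment="bypass NAT: APN -> partner"
/ip firewall nat add chain=srcnat action=accept src-address=192.168.5.0/24 \
    dst-address=192.168.1.0/24 place-before=0 comment="bypass NAT: LAN -> partner"

# 3. Return path: replies decrypted from the tunnel for the APN block must be
#    handed back to mtA (assumed to sit at 192.168.5.2 on mtB's LAN).
/ip route add dst-address=172.17.10.0/24 gateway=192.168.5.2 comment="APN via mtA"

# ===== mtA (APN router, 172.17.10.200) =====
# Forward path (post 8): send the partner LAN to mtB. The gateway must be an
# address in a subnet mtA is directly connected to, otherwise the route shows
# as unreachable (the symptom in post 9). mtB's LAN address assumed 192.168.5.1.
/ip route add dst-address=192.168.1.0/24 gateway=192.168.5.1 comment="partner LAN via mtB"

# ===== partner router (site B, WAN 2.2.2.2) =====
# Mirror policy, plus the same NAT bypass if site B also masquerades.
/ip ipsec policy add src-address=192.168.1.0/24 dst-address=172.17.10.0/24 \
    sa-src-address=2.2.2.2 sa-dst-address=5.5.5.5 tunnel=yes action=encrypt \
    proposal=default comment="partner LAN -> APN (POS)"
/ip firewall nat add chain=srcnat action=accept src-address=192.168.1.0/24 \
    dst-address=172.17.10.0/24 place-before=0 comment="bypass NAT: LAN -> APN"

# ===== checks =====
# On mtA: generate traffic with the POS-side source address.
/ping 192.168.1.25 src-address=172.17.10.200 count=3
# On mtB: the new policy should show flag A (active), an SA pair should appear
# for the new selectors once traffic flows, and the bypass rule counters should
# grow while the masquerade counters stay flat for this traffic.
/ip ipsec policy print
/ip ipsec installed-sa print
/ip firewall nat print stats
```

No `/ip firewall nat` dst-nat ("port forward") rule is involved, as post 8 says: port 300 on 192.168.1.25 is reached by plain routing once the packets are inside the tunnel. The bypass rules are the security-relevant part: without them the POS sessions are not merely failing, they are being sent to the partner's public address unencrypted and NATed, and the same check (`/ip firewall nat print stats` against the masquerade rule) will tell you whether any other subnet is leaking the same way.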

Short URL to this thread: https://techguy.org/1148547