Hi Master MikroTik,
Have a nice day.
We have a problem with IPsec on MikroTik with inter-VLAN traffic.
1. Branch: MikroTik with a static public IP and 2 user VLAN subnets, IPsec to a Sophos firewall.
2. Datacenter: 1 MikroTik with a static public IP, point-to-point to a Sophos firewall, NAT 1:1 at the Sophos firewall.
3. Head office: MikroTik with a static public IP, IPsec to the Sophos firewall, 1 user VLAN subnet.
Requirements
1. Internet traffic goes via the datacenter through the Sophos firewall. Full tunnel = done.
2. Traffic between head office and branch, and vice versa, is fully controlled at the Sophos firewall.
Problem
======
If the branch uses multiple VLANs on the LAN interface (port2), after IPsec is enabled / the IPsec tunnel is established:
from the client PC, ping to the gateway is not reachable
from the client PC, ping to the other gateway (same branch) is not reachable, for example from PC01 ping to the gateway of PC02
but
1. traffic to the internet via the Sophos firewall, with outgoing internet via the datacenter site, is successful = this complies
2. traffic from branch to head office via the Sophos firewall at the datacenter site is successful (and vice versa) = this complies
branch port 1 ---- public IP
branch port 2 ---- vlan 10 : 11.11.11.1/24
                   vlan 20 : 22.22.22.1/24
switch SVI      =  vlan 10 : 11.11.11.2/24
                   vlan 20 : 22.22.22.2/24
client          =  PC-01 vlan 10 : 11.11.11.3
                   PC-01 vlan 20 : 22.22.22.3
I attach a capture from the branch MikroTik and the topology of my customer's lab, built with the PNETLab simulator.
Please suggest a solution for this problem.
Thank you,
robma bayu
Statistics: Posted by ubaystenlly — Fri Feb 28, 2025 12:28 pm
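As an added illustration, not part of the original post and not taken from the poster's capture, the RouterOS v7 fragment below shows the policy ordering that a full-tunnel IPsec setup normally needs on a branch router with more than one LAN subnet. A policy with dst-address=0.0.0.0/0 also matches traffic between the two VLANs and traffic to the router's own VLAN gateway address, so those flows are pushed into the tunnel (or, inbound, expected to arrive encrypted and dropped when they arrive in cleartext) unless a more specific bypass policy sits above it. The peer name `sophos-dc`, the proposal name `sophos-proposal` and the one-policy-per-VLAN layout are assumptions; the subnets are the ones from the post.

```routeros
# Added example, not from the original post. Assumes a peer named "sophos-dc"
# and a proposal named "sophos-proposal" already exist under
# /ip ipsec peer and /ip ipsec proposal (both names are assumptions).
/ip ipsec policy
# Bypass policies come first: traffic that must stay inside the branch is
# excluded from IPsec with action=none.
# Intra-VLAN, which also covers pings to the VLAN gateway itself
# (e.g. 11.11.11.3 -> 11.11.11.1).
add src-address=11.11.11.0/24 dst-address=11.11.11.0/24 action=none comment="bypass vlan10 local"
add src-address=22.22.22.0/24 dst-address=22.22.22.0/24 action=none comment="bypass vlan20 local"
# Inter-VLAN between the two branch subnets (e.g. 11.11.11.3 -> 22.22.22.1).
add src-address=11.11.11.0/24 dst-address=22.22.22.0/24 action=none comment="bypass vlan10->vlan20"
add src-address=22.22.22.0/24 dst-address=11.11.11.0/24 action=none comment="bypass vlan20->vlan10"
# Full-tunnel policies last: anything not matched above is encrypted to the
# datacenter Sophos firewall.
add src-address=11.11.11.0/24 dst-address=0.0.0.0/0 peer=sophos-dc tunnel=yes action=encrypt level=require proposal=sophos-proposal comment="full tunnel vlan10"
add src-address=22.22.22.0/24 dst-address=0.0.0.0/0 peer=sophos-dc tunnel=yes action=encrypt level=require proposal=sophos-proposal comment="full tunnel vlan20"
```

Policy order matters because RouterOS evaluates the policy list top to bottom and applies the first match, so a bypass entry added after the 0.0.0.0/0 entry has no effect; `/ip ipsec policy print` shows the current order and `/ip ipsec policy move` reorders existing entries. A cleartext ping from a PC to its VLAN gateway that starts working once the bypass entries are in place is the quickest check that the full-tunnel policy was the one catching the local traffic.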