Routing from ipsec to XG and then, to another ipsec

Hi,

I've an ipsec tunnel from XG to Mikrotik working fine and another one from XG to AWS.

I'd like to ping from Mikrotik(LAN) to AWS. How do I do this? Policy routing? How?

Regards

  • Hi  

    For this setup to work, you will need to make some changes in the existing IPsec configuration.

    Let us first assume that your existing setup allows your Mikrotik(LAN) to communicate with the XG network using the Mikrotik-XG tunnel, and that, using the XG-AWS tunnel, the XG network can communicate with the AWS network. This works fine.

    In order to allow your Mikrotik(LAN) to communicate with your AWS network, first you will need to add the AWS network to your Mikrotik-XG tunnel on XG as a Local Network, and you will need to add the AWS network on your Mikrotik (assuming a similar setup to XG) as a remote network. Similarly, you will need to add Mikrotik(LAN) as a Local Network in the XG-AWS tunnel and make similar changes on the AWS side, as AWS should allow you to add Mikrotik(LAN) as a remote network.

    Once the above is done, you will need to create a VPN to VPN rule allowing traffic between Mikrotik(LAN) and the AWS network. This should then allow your Mikrotik network to communicate with AWS and vice versa. Hope this helps.
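
The selector changes described in this reply can be checked offline before touching either tunnel. This is an added example, not part of the original thread and not Sophos, Mikrotik or AWS tooling; the subnets and the helper names (`tunnel`, `mismatches`, `transit_ok`) are constructed for illustration. It models only the local/remote network lists on each tunnel end, not the VPN to VPN firewall rule or AWS route tables.

```python
from ipaddress import ip_address, ip_network

# Constructed sample subnets (assumptions, not taken from the thread).
MIKROTIK_LAN = ip_network("192.168.88.0/24")
XG_LAN = ip_network("172.16.16.0/24")
AWS_NET = ip_network("10.0.0.0/16")

def tunnel(hub_local, hub_remote, peer_local, peer_remote):
    """One IPsec tunnel: local/remote network lists as set on XG (hub) and on the peer."""
    return {"hub": (set(hub_local), set(hub_remote)),
            "peer": (set(peer_local), set(peer_remote))}

def mismatches(t):
    """Selectors must mirror: XG's local list == peer's remote list, and vice versa."""
    (hl, hr), (pl, pr) = t["hub"], t["peer"]
    return sorted(str(n) for n in (hl ^ pr) | (hr ^ pl))

def covered(nets, ip):
    return any(ip in n for n in nets)

def leg_allows(t, src, dst, toward_hub):
    """True if src->dst matches the selectors on both ends of this tunnel."""
    sender, receiver = ("peer", "hub") if toward_hub else ("hub", "peer")
    s_local, s_remote = t[sender]
    r_local, r_remote = t[receiver]
    return (covered(s_local, src) and covered(s_remote, dst)
            and covered(r_remote, src) and covered(r_local, dst))

def transit_ok(spoke_a, spoke_b, src, dst):
    """src behind spoke_a's peer reaches dst behind spoke_b's peer via XG, and the reply returns."""
    src, dst = ip_address(src), ip_address(dst)
    forward = leg_allows(spoke_a, src, dst, True) and leg_allows(spoke_b, src, dst, False)
    reply = leg_allows(spoke_b, dst, src, True) and leg_allows(spoke_a, dst, src, False)
    return forward and reply

# Before: each tunnel only carries its own site-to-site pair.
before_mt = tunnel([XG_LAN], [MIKROTIK_LAN], [MIKROTIK_LAN], [XG_LAN])
before_aws = tunnel([XG_LAN], [AWS_NET], [AWS_NET], [XG_LAN])
# After: AWS added as local on Mikrotik-XG, Mikrotik LAN as local on XG-AWS, peers mirrored.
after_mt = tunnel([XG_LAN, AWS_NET], [MIKROTIK_LAN], [MIKROTIK_LAN], [XG_LAN, AWS_NET])
after_aws = tunnel([XG_LAN, MIKROTIK_LAN], [AWS_NET], [AWS_NET], [XG_LAN, MIKROTIK_LAN])
# Half-done change: XG updated, but the Mikrotik end still lists only XG_LAN as remote.
half_mt = tunnel([XG_LAN, AWS_NET], [MIKROTIK_LAN], [MIKROTIK_LAN], [XG_LAN])

if __name__ == "__main__":
    for name, mt, aws in [("before", before_mt, before_aws), ("half", half_mt, after_aws), ("after", after_mt, after_aws)]:
        print(name, transit_ok(mt, aws, "192.168.88.10", "10.0.1.5"), mismatches(mt), mismatches(aws))
```

A non-empty `mismatches` result names the network that one end of a tunnel lists and the other does not, which is the first thing to compare against the real tunnel configuration when traffic does not pass.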

  • In reply to Jaydeep:

    Hi,

    Everything was done, but no ping or tracert from/to AWS to Remote LAN.

    Also, if I ping from AWS to remote LAN I see a green light in the FW logs.

  • In reply to Edgar Quintana1:

    Hi Edgar,

    Please show us screenshots of your configuration (especially the tunnel remote/local host networks). Keep in mind that AWS may need new routes as well for this to work.