[Share]Mikrotik (external) - (1:1 EIP BIND) Fortigate IPSec Establish (Routing Not Working)
Created#More Posted time:Oct 1, 2018 19:23 PM
You can do IPSec Between External VPN Gateway with Public IP
And ECS (Either Mikrotik OS, Fortigate, StrongSwan) with internal IP - Binded to Public IP.
Note: Alibaba NAT cannot do this very well due to different IP for SRC-NAT dan DST-NAT assigned.
When IPSec established but you cannot ping the network behind each other...
What you need to do:
- Ensure NAT Traversal both site
- On MIkrotik create additional SRC-NAT to (Destination Network) action accept.
It should work.
Indonet (Alibaba Partner Jakarta Indonesia)