This configuration shows how to set up a site-to-site VPN with IPsec for the scenario below:
*Router-A
WAN1: 96.9.82.85/26
WAN2: 103.14.250.84/24
Bridge-LAN1: 192.168.17.1/24
Bridge-LAN2: 192.168.18.1/24
For Router-A we use load sharing. Bridge-LAN1 and Bridge-LAN2 can both access at the same time.
- Bridge-LAN1 works on WAN1
- Bridge-LAN2 works on WAN1
- If WAN1 is down, Bridge-LAN1 will work on WAN2
- If WAN2 is down, Bridge-LAN2 will work on WAN1
*Router-B
WAN: 96.9.74.222/24
Bridge-LAN: 192.168.19.1/24
*Router-A Configuration
/ip ipsec peer
add address=96.9.74.222/32 dh-group=modp1024 nat-traversal=no secret=adm!n
/ip ipsec policy
add dst-address=192.168.19.0/24 sa-dst-address=96.9.74.222 sa-src-address=96.9.82.85 src-address=192.168.17.0/24 tunnel=yes
add dst-address=192.168.19.0/24 sa-dst-address=96.9.74.222 sa-src-address=103.14.250.84 src-address=192.168.18.0/24 tunnel=yes
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-192-cbc,aes-128-cbc
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.19.0/24 src-address=192.168.17.0/24
add action=accept chain=srcnat dst-address=192.168.19.0/24 src-address=192.168.18.0/24
*Router-B Configuration
/ip ipsec peer
add address=96.9.82.85/32 dh-group=modp1024 nat-traversal=no secret=adm!n
add address=103.14.250.84/32 dh-group=modp1024 nat-traversal=no secret=adm!n
/ip ipsec policy
add dst-address=192.168.17.0/24 sa-dst-address=96.9.82.85 sa-src-address=96.9.74.222 src-address=192.168.19.0/24 tunnel=yes
add dst-address=192.168.18.0/24 sa-dst-address=103.14.250.84 sa-src-address=96.9.74.222 src-address=192.168.19.0/24 tunnel=yes
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-192-cbc,aes-128-cbc
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.17.0/24 src-address=192.168.19.0/24
add action=accept chain=srcnat dst-address=192.168.18.0/24 src-address=192.168.19.0/24
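The following check is an added example, not part of the original post: it parses the peer, policy and NAT lines above and verifies that every IPsec policy has a mirrored policy on the other router and a matching srcnat accept rule, and it reports the modp1024 group and the short pre-shared secret on each peer. The function names and the 20-character minimum secret length are assumptions of this example.

```python
import re

# Input: the peer, policy and NAT lines of both routers, copied from the page.
ROUTER_A = """/ip ipsec peer
add address=96.9.74.222/32 dh-group=modp1024 nat-traversal=no secret=adm!n
/ip ipsec policy
add dst-address=192.168.19.0/24 sa-dst-address=96.9.74.222 sa-src-address=96.9.82.85 src-address=192.168.17.0/24 tunnel=yes
add dst-address=192.168.19.0/24 sa-dst-address=96.9.74.222 sa-src-address=103.14.250.84 src-address=192.168.18.0/24 tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.19.0/24 src-address=192.168.17.0/24
add action=accept chain=srcnat dst-address=192.168.19.0/24 src-address=192.168.18.0/24"""
ROUTER_B = """/ip ipsec peer
add address=96.9.82.85/32 dh-group=modp1024 nat-traversal=no secret=adm!n
add address=103.14.250.84/32 dh-group=modp1024 nat-traversal=no secret=adm!n
/ip ipsec policy
add dst-address=192.168.17.0/24 sa-dst-address=96.9.82.85 sa-src-address=96.9.74.222 src-address=192.168.19.0/24 tunnel=yes
add dst-address=192.168.18.0/24 sa-dst-address=103.14.250.84 sa-src-address=96.9.74.222 src-address=192.168.19.0/24 tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.17.0/24 src-address=192.168.19.0/24
add action=accept chain=srcnat dst-address=192.168.18.0/24 src-address=192.168.19.0/24"""

def parse(export):
    """Group the key=value pairs of each line under its RouterOS menu path."""
    menus, menu = {}, None
    for line in map(str.strip, export.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line:
            menus.setdefault(menu, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(local, remote, min_psk=20):  # min_psk: assumed minimum secret length
    """Return findings for one router, checked against the other side's config."""
    key = lambda p: (p["src-address"], p["dst-address"], p["sa-src-address"], p["sa-dst-address"])
    remote_keys = {key(p) for p in remote.get("/ip ipsec policy", [])}
    bypass = {(n["src-address"], n["dst-address"]) for n in local.get("/ip firewall nat", []) if n.get("action") == "accept"}
    findings = []
    for src, dst, sa_src, sa_dst in map(key, local.get("/ip ipsec policy", [])):
        # The far end must hold the same policy with both address pairs swapped.
        if (dst, src, sa_dst, sa_src) not in remote_keys:
            findings.append(f"policy {src}->{dst}: remote has no mirrored policy")
        if (src, dst) not in bypass:
            findings.append(f"policy {src}->{dst}: no srcnat accept (NAT bypass) rule")
    for peer in local.get("/ip ipsec peer", []):
        if peer.get("dh-group") == "modp1024":
            findings.append(f"peer {peer['address']}: dh-group=modp1024 (1024-bit group)")
        if len(peer.get("secret", "")) < min_psk:
            findings.append(f"peer {peer['address']}: secret shorter than {min_psk} chars")
    return findings
```

Calling audit(parse(ROUTER_A), parse(ROUTER_B)) returns two findings, both on Router-A's peer entry (the DH group and the secret length); the policies and NAT rules of both routers pass the mirror and bypass checks.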