ZYWAL ATP700 so that it sees MikroTik's subnet

Options
Komoliddin162
Komoliddin162 Posts: 6  Freshman Member
First Comment
in Security

Hello, I wanted the ATP700 to see the MikroTik subnet and to show up in the logs. Well, I can't set up static routing either, I've tried, but somehow I'm not sure if I'm making a mistake. Help me solve this problem.

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,529  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Komoliddin162,

    Do you mean you want to see MikroTik setting and event logs on ATP700?

    Zyxel Melen


  • Komoliddin162
    Komoliddin162 Posts: 6  Freshman Member
    First Comment

    I want to see the IP addresses that I distribute through Mikrotik. I have an ATP700 that provides the internet, and Mikrotik distributes IP addresses to clients, and I want to see the IP addresses that I assign to these clients.

  • Komoliddin162
    Komoliddin162 Posts: 6  Freshman Member
    First Comment

    currently only sees the IP address of Mikrotik and in the logs also only the IP of Mikrotik

  • PeterUK
    PeterUK Posts: 3,893  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited June 30

    Is the MikroTik  a switch or router? is it doing DHCP as a server?

    Draw your setup to show what you have done

  • Komoliddin162
    Komoliddin162 Posts: 6  Freshman Member
    First Comment
    image.png

    This is what my network looks like. I have a MikroTik router, not a switch. It takes DHCP from the ATP700 - 192.168.3.*, and then distributes to clients with its own LAN configuration, VLANs 172.16.11.1, 172.16.12.1.

  • PeterUK
    PeterUK Posts: 3,893  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Your MikroTik router is doing SNAT out the interface to ATP700 thats why you only see one IP.

    you need to change the MikroTik router routing rule to not SNAT then setup on ATP700 a static route for the LAN subnet of MikroTik router to it gateway by ATP700.

  • Komoliddin162
    Komoliddin162 Posts: 6  Freshman Member
    First Comment

    Where exactly should I change srcnat in masquarad?

  • Zyxel_Tina
    Zyxel_Tina Posts: 82  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 5 Answers First Comment

    Hi @Komoliddin162,

    As @PeterUK mentioned, the issue is likely caused by SNAT being enabled on your MikroTik router, which hides the real client IPs. Please disable SNAT on the MikroTik (refer to their user guide for steps), so the original IPs are preserved when passing to the ATP700.

    Then, go to Configuration> Network > Routing > Static Route > Add to add static routes on the ATP700 firewall for each MikroTik LAN subnet. Example:

    Subnet: 172.16.11.0/24 

    Next Hop: 192.168.3.2 (MikroTik's WAN IP) 

    Interface: LAN (connected to MikroTik)

    and

    Subnet: 172.16.12.0/24 

    Next Hop: 192.168.3.2 

    Interface: LAN

    This way, the firewall can correctly route and log traffic from the actual clients behind the MikroTik.

    Hope this helps!

    Zyxel Tina

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)