Can't Remotely Manage through Double NAT

We have had an issue that has been very prominent lately where we cannot manage our customer's routers when they are behind a Double NAT. The scenario is the 450 Radio has PPPoE information for the customer and the cnPilot (model does not matter) has a static IP on the WAN with the radio as the gateway or is getting DHCP on the WAN which gives the same address.

Customer traffic is unaffected. It is only affecting management directly. When there is no double NAT and PPPoE is in the router, there is no issue. This is not a solution, however, since we are unable to manage the routers to make any changes.

Please provide the network topology and configuration details.

Mikrotik Core router - 450AP - 450SM - cnPilot

PPPoE server and the static management IP subnet are in the Mikrotik Core. All bridged to the 450SM. PPPoE client in the SM receives the public IP address and performs NAT from 192.168.x.1/24 in the 450 SM to the 192.168.x.2/24 cnPilot WAN. The SM is configured to have 192.168.x.2 in the DMZ. All upstream packets except PPPoE are filtered at the 450SM.

Hi

I did not see any problem while accessing the WebUI of the R200 from a Linux PPPoE server with the below configuration of AP/SM450.

I have attached the network diagram of our setup and NAT Port Mapping screen capture of SM450.

Configuration 1:

1. Configure the AP450 in Bridge mode.

2. Configure SM450 in PPPoE Client + NAT mode.

3. Configure DMZ IP (WAN IP of R200) in SM450.

4. Open WebUI (use PPPoE IP of SM450) of R200.

Configuration 2:

1. Configure AP450 in Bridge mode.

2. Configure SM450 in PPPoE Client + NAT mode.

3. Configure NAT Port Mapping rule in SM450.

4. Open WebUI (use PPPoE IP of SM450 + NAT mapped port) of R200.

Note: Please let us know if NAT is enabled in the Mikrotik Core router. If NAT is enabled in the Mikrotik Core router, please enable/add a NAT Forwarding rule/NAT Port Mapping rule.
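
The two configurations in the reply above and its note about NAT in the core router, modelled as an added example (not part of the thread and not Cambium or MikroTik code). All addresses and ports are constructed, the cnPilot WebUI is assumed to listen on port 80, and the rule order inside `NatHop` is a simplification.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatHop:
    """One NAT device handling unsolicited inbound traffic (simplified model)."""
    name: str
    wan_ip: str
    dmz_host: Optional[str] = None                 # catch-all inside host, if set
    port_map: dict = field(default_factory=dict)   # wan_port -> (inside_ip, inside_port)

    def forward(self, dst_ip, dst_port):
        if dst_ip != self.wan_ip:
            return None                            # not addressed to this hop
        if dst_port in self.port_map:              # assumption: explicit mapping wins
            return self.port_map[dst_port]
        if self.dmz_host:                          # DMZ forwards every other port
            return (self.dmz_host, dst_port)
        return None                                # no rule: dropped here

def trace(chain, dst_ip, dst_port):
    """Walk hops from outermost to innermost; return final (ip, port) or None."""
    for hop in chain:
        nxt = hop.forward(dst_ip, dst_port)
        if nxt is None:
            return None
        dst_ip, dst_port = nxt
    return (dst_ip, dst_port)

def exposed_ports(chain, entry_ip, ports):
    """Ports on entry_ip that end up delivered to some inside host."""
    return [p for p in ports if trace(chain, entry_ip, p) is not None]

# Constructed values: x = 50 in 192.168.x.2, documentation/CGNAT ranges elsewhere.
CNPILOT_WAN, PPPOE_IP, CORE_WAN = "192.168.50.2", "100.64.0.10", "198.51.100.1"
PROBE = [22, 80, 443, 8080]                        # constructed port sample

sm_dmz = NatHop("SM450", PPPOE_IP, dmz_host=CNPILOT_WAN)                # Configuration 1
sm_map = NatHop("SM450", PPPOE_IP, port_map={8080: (CNPILOT_WAN, 80)})  # Configuration 2
core_nat = NatHop("core", CORE_WAN)                                     # core NAT, no rule
core_fwd = NatHop("core", CORE_WAN, port_map={8080: (PPPOE_IP, 8080)})  # rule added

if __name__ == "__main__":
    print("config 1:", exposed_ports([sm_dmz], PPPOE_IP, PROBE))
    print("config 2:", exposed_ports([sm_map], PPPOE_IP, PROBE))
    print("core NAT, no rule:", trace([core_nat, sm_map], CORE_WAN, 8080))
    print("core NAT, rule:", trace([core_fwd, sm_map], CORE_WAN, 8080))
```

In this model the DMZ setting of Configuration 1 forwards every probed port to the cnPilot WAN, while the port mapping of Configuration 2 forwards only the mapped port.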