В общем в одном из филиалов сменили провайдера. Взял новый микротик, настроил интернет (внешний IP: 100.100.256.113), поднял l2tp тунель до ЦО. Всё взлетело сеть ЦО из филиала видно, 1С работает. А вот запрос регистрации с IP телефона (192.168.33.199 его адрес в филиале) приходит c Src. Address 100.100.256.113:5060 Почему так происходит и в какую сторону рыть? Вот настройка филиального микротика. Код: /interface bridge add admin-mac=CC:2D:E0:B3:90:79 auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=ether2 ] name=ether2-master set [ find default-name=ether3 ] master-port=ether2-master set [ find default-name=ether4 ] master-port=ether2-master set [ find default-name=ether5 ] master-port=ether2-master /interface l2tp-client add allow=mschap2 connect-to=213.59.*.* disabled=no name=l2tp-to-HQ \ password=********* user=User /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \ disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\ MikroTik-B3907E wireless-protocol=802.11 set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\ 20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\ ap-bridge ssid=MikroTik-B3907D wireless-protocol=802.11 /ip neighbor discovery set ether1 discover=no /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=default-dhcp ranges=192.168.33.10-192.168.33.250 /ip dhcp-server add address-pool=default-dhcp disabled=no interface=bridge name=defconf /ppp profile set *FFFFFFFE use-compression=yes use-mpls=yes /interface bridge port add bridge=bridge comment=defconf interface=ether2-master add bridge=bridge comment=defconf interface=wlan1 add bridge=bridge comment=defconf interface=wlan2 /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 list=WAN /ip address add address=192.168.33.1/24 comment=defconf interface=bridge network=\ 192.168.33.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ ether1 /ip dhcp-server lease add address=192.168.33.179 client-id=1:38:d5:47:b4:3c:9c mac-address=\ 38:D5:47:B4:3C:9C server=defconf add address=192.168.33.199 client-id=1:0:a8:59:cc:de:4a mac-address=\ 00:A8:59:CC:DE:4A server=defconf /ip dhcp-server network add address=192.168.33.0/24 comment=defconf dns-server=192.168.33.1,8.8.8.8 \ gateway=192.168.33.1 /ip dns set allow-remote-requests=yes servers=192.168.0.100 /ip dns static add address=192.168.33.1 name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN /ip route add distance=1 dst-address=192.168.0.0/24 gateway=172.16.30.1 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh disabled=yes set api disabled=yes set winbox address=192.168.33.0/24,192.168.0.0/24 set api-ssl disabled=yes /system clock set time-zone-name=Asia/Yekaterinburg /tool mac-server set [ find default=yes ] disabled=yes add interface=bridge /tool mac-server mac-winbox set [ find default=yes ] disabled=yes add interface=bridge