Community discussions

MikroTik App
 
bolor
just joined
Topic Author
Posts: 3
Joined: Mon Sep 19, 2016 6:06 am

Host can't ping to gateway after creating ip sec policy

Mon Sep 19, 2016 6:36 am

I am new to Mikrotik, my problem is after creating following ipsec policy below, my host (10.1.202.2) is not able to ping to default gateway(10.1.202.1). Otherwise, without policy everything is doing well, i don't know what i missed.

/ip ipsec policy
add src-address=10.1.202.0/24 src-port=any dst-address=0.0.0.0/0 dst-port=any \
sa-src-address=192.168.90.1 sa-dst-address=192.168.80.1 \
tunnel=yes action=encrypt proposal=default

Please, help me to solve this problem. Thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7041
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Host can't ping to gateway after creating ip sec policy

Mon Sep 19, 2016 3:14 pm

Because you have added policy to encrypt to every destination (0.0.0.0/0) that includes also host address. Either you add policies with more specific destinations or add rules to exclude specific addresses from being encrypted.
 
bolor
just joined
Topic Author
Posts: 3
Joined: Mon Sep 19, 2016 6:06 am

Re: Host can't ping to gateway after creating ip sec policy

Thu Sep 22, 2016 8:33 am

i am sorry i am really new to Mikrotik. Could you kindly give me some example about adding rules to exclude specific addresses from being encrypted..

Looking forward to your reply
 
moppa
just joined
Posts: 1
Joined: Tue Mar 13, 2018 7:18 pm

Re: Host can't ping to gateway after creating ip sec policy

Tue Mar 13, 2018 7:20 pm

Hi,
Is there a solution to this? I'm new to Microtik and am having the same issue. What needs added?

Ideally i want to push everything across an ipsec tunnel, but lose connection to the router as soon as i create the policy.

Thanks!

Who is online

Users browsing this forum: A9691, Kanzler and 69 guests