Hi all,
I have a quick question:
I am configuring an S2S IPsec VPN to connect a single local host (MK) to 6 remote hosts (ASA).
So,
1. Do I have to create 6 policies in MK?
2. Can I disable PFS in MK, or is it enabled by default?
3. And also, how do I configure NAT bypass in MK?
For example:
MK local host : a.a.a.a
asa remote hosts : b.b.b.b, c.c.c.c, d.d.d.d, e.e.e.e, f.f.f.f, g.g.g.g
So is this going to be right?:
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=a.a.a.a/32 dst-address=b.b.b.b/32
src-address=a.a.a.a/32 dst-address=c.c.c.c/32
src-address=a.a.a.a/32 dst-address=d.d.d.d/32
src-address=a.a.a.a/32 dst-address=e.e.e.e/32
src-address=a.a.a.a/32 dst-address=f.f.f.f/32
src-address=a.a.a.a/32 dst-address=g.g.g.g/32
OR
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=a.a.a.a/32 dst-address=b.b.b.b/32
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=a.a.a.a/32 dst-address=c.c.c.c/32
.
.
. and so on.
???????????????
I'll appreciate it if anyone shares a similar working scenario or example. Thanks.