huntah

IPSEC and local gw ping

Sat Dec 17, 2011 12:33 am

Hello,

I have a slight problem with IPsec behavior.
My local network is 192.168.1.x/24 and remote peers are 192.168.0.x/24, 192.168.2.x/24 and 192.168.3.x/24.

The main router is a Cisco ASA with local network 192.168.0.0/24.
Branch offices (1.x/24, 2.x/24, 3.x/24) have RB433AH (ROS 4.17) units, each with an IPsec connection to the Cisco ASA.

To be able to reach all networks via IPSEC I have a Policy like this:
/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=192.168.0.0/16:any \
    ipsec-protocols=esp level=require priority=0 proposal=DOME1 protocol=\
    all sa-dst-address=213.x.y.z sa-src-address=86.x.y.z \
    src-address=192.168.1.0/24:any tunnel=yes
Everything is working as it should, except that pings to the local gateway from the local network time out. I can ping the remote GW without a problem.
This happens because IPsec encrypts the local IP of the router.
Is there any way to prevent encrypting traffic to the local gw from the local network (i.e. 192.168.1.x/24 -> ping to -> 192.168.1.1)?
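
Added example, not part of the original post: a small Python model of IPsec policy selector matching, showing why the router's reply from 192.168.1.1 to a LAN host falls inside the 192.168.0.0/16 destination selector of the policy above. First-match evaluation, the host address 192.168.1.10 and the `local-lan` exemption entry are assumptions for illustration, not verified RouterOS 4.17 behaviour.

```python
import ipaddress

# Policies modelled as (name, src selector, dst selector, action).
# ENCRYPT uses the selectors from the post. BYPASS is a hypothetical
# exemption entry added for illustration only.
ENCRYPT = ("to-asa", "192.168.1.0/24", "192.168.0.0/16", "encrypt")
BYPASS = ("local-lan", "192.168.1.0/24", "192.168.1.0/24", "none")


def classify(policies, src, dst):
    """Return the action of the first policy matching src/dst (assumed
    first-match order); 'none' means the packet is sent in the clear."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _name, psrc, pdst, action in policies:
        if s in ipaddress.ip_network(psrc) and d in ipaddress.ip_network(pdst):
            return action
    return "none"


def overlap(policy):
    """Return the network covered by BOTH selectors of a policy, or None.
    Traffic staying inside that network is local but still matches."""
    src = ipaddress.ip_network(policy[1])
    dst = ipaddress.ip_network(policy[2])
    if not src.overlaps(dst):
        return None
    # CIDR blocks either nest or are disjoint, so the overlap is the
    # more specific (longer prefix) of the two.
    return src if src.prefixlen >= dst.prefixlen else dst


# Constructed sample flows: (description, source, destination)
FLOWS = [
    ("gateway echo reply to LAN host", "192.168.1.1", "192.168.1.10"),
    ("LAN host to head office", "192.168.1.10", "192.168.0.5"),
    ("LAN host to branch 2", "192.168.1.10", "192.168.2.20"),
]

if __name__ == "__main__":
    print("selector overlap:", overlap(ENCRYPT))
    for label, policies in (("post policy only", [ENCRYPT]),
                            ("with local exemption first", [BYPASS, ENCRYPT])):
        print(label)
        for desc, src, dst in FLOWS:
            print(f"  {desc}: {src} -> {dst} = {classify(policies, src, dst)}")
```
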
