I have a slight problem with IPsec behaviour.
My local network is 192.168.1.x/24 and the remote peers are 192.168.0.x/24, 192.168.2.x/24 and 192.168.3.x/24.
The main router is a Cisco ASA with local network 192.168.0.0/24.
The branch offices (1.x/24, 2.x/24, 3.x/24) have an RB433AH (ROS 4.17) which has an IPsec connection to the Cisco ASA.
To be able to reach all networks via IPsec I have a policy like this:
/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=192.168.0.0/16:any \
ipsec-protocols=esp level=require priority=0 proposal=DOME1 protocol=\
all sa-dst-address=213.x.y.z sa-src-address=86.x.y.z \
src-address=192.168.1.0/24:any tunnel=yes
This happens because IPsec encrypts the local IP of the router.
Is there any way to prevent encrypting traffic to the local gateway from the local network (i.e. 192.168.1.x/24 -> ping to -> 192.168.1.1)?
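The policy above selects dst-address=192.168.0.0/16, and that /16 contains the router's own LAN 192.168.1.0/24, so a packet from a LAN host to 192.168.1.1 matches the encrypt policy on the way out, and the automatically generated inbound policy (192.168.0.0/16 -> 192.168.1.0/24, level=require) rejects the plaintext packet on the way in. The usual fix on RouterOS is a more specific bypass policy (action=none) for LAN-to-LAN traffic that is evaluated before the encrypt policy. The following is an added example, not configuration from the original post, and it assumes the router's LAN address is 192.168.1.1 and that on this RouterOS version a larger priority value is evaluated first (check with /ip ipsec policy print that the none policy is listed above the encrypt one; otherwise move it up in the list):

```routeros
# Added example (not the poster's configuration). Assumptions: the RB433AH's
# LAN address is 192.168.1.1 and a larger "priority" value is evaluated first.

/ip ipsec policy
# Bypass: local LAN <-> local LAN is never fed into IPsec. Using the whole /24
# on both sides covers both directions, because RouterOS derives the inbound
# selector from the reverse of this policy (host -> 192.168.1.1 and the reply).
# action=none passes the packet untouched; tunnel is left at its default (no).
add action=none comment="bypass IPsec for local LAN traffic" \
    src-address=192.168.1.0/24:any dst-address=192.168.1.0/24:any \
    protocol=all priority=1

# Encrypt policy from the post, left unchanged so the SA selectors still match
# what the Cisco ASA side expects (192.168.1.0/24 <-> 192.168.0.0/16).
add action=encrypt dst-address=192.168.0.0/16:any \
    ipsec-protocols=esp level=require priority=0 proposal=DOME1 protocol=all \
    sa-dst-address=213.x.y.z sa-src-address=86.x.y.z \
    src-address=192.168.1.0/24:any tunnel=yes

# Checks: the none policy must print above the encrypt policy, and a ping from
# a LAN host to 192.168.1.1 must not increase the byte counters of the
# installed SA towards 213.x.y.z.
/ip ipsec policy print
/ip ipsec installed-sa print
```

The alternative is to replace the /16 encrypt policy with three policies for 192.168.0.0/24, 192.168.2.0/24 and 192.168.3.0/24, which no longer overlap the local LAN at all; that is cleaner but changes the phase 2 selectors, so the crypto ACL on the ASA would have to be adjusted to match, whereas the bypass policy leaves the tunnel definition as it is.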