Destination unreachable over one direction in VPN tunnel

phila · January 9, 2012, 5:28pm

Hi,

I have a site-to-site IPsec VPN to another network. From remote site they can reach destinations on my LAN and get replies back.
From local site I get destination unreachable sourced from the LAN facing IP of the Mikrotik router.
Firewall does not seem to have any rules to filter this, and adding a rule to specifically permit this traffic does not seem to have effect.

This happens only with one VPN tunnel, others work fine.

Has anybody seen this?

Thank you in advance.

ditonet · January 9, 2012, 9:26pm

NAT bypass is not set?
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#NAT_Bypass

HTH,

phila · January 9, 2012, 11:26pm

Thank you, that was exactly the issue.
I am still puzzled as other subnets that go over other IPsec tunnels dont have NAT exclusion. I think I will add it for them too just in case.