Host can't ping gateway after creating IPsec policy

I am new to MikroTik. My problem is that after creating the IPsec policy below, my host (10.1.202.2) is not able to ping the default gateway (10.1.202.1). Without the policy everything works well. I don't know what I missed.

/ip ipsec policy
add src-address=10.1.202.0/24 src-port=any dst-address=0.0.0.0/0 dst-port=any \
    sa-src-address=192.168.90.1 sa-dst-address=192.168.80.1 \
    tunnel=yes action=encrypt proposal=default

Please help me solve this problem. Thanks.

Because you have added a policy to encrypt traffic to every destination (0.0.0.0/0), and that also includes the host address. Either add policies with more specific destinations, or add rules to exclude specific addresses from being encrypted.

I am sorry, I am really new to MikroTik. Could you kindly give me an example of adding rules to exclude specific addresses from being encrypted?

Looking forward to your reply.

Hi,
Is there a solution to this? I'm new to MikroTik and am having the same issue. What needs to be added?

Ideally I want to push everything across an IPsec tunnel, but I lose connection to the router as soon as I create the policy.

Thanks!
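
Added example, not part of the original thread: the exclusion rule suggested in the reply above, written in the same RouterOS syntax as the question. It assumes a RouterOS version that evaluates IPsec policies in list order with the first match winning, so the `action=none` rule is added before the catch-all encrypt rule. All addresses are the ones from the question.

```routeros
# Added example, not from the thread. Addresses and policy parameters are
# copied from the question. Assumption: policies are matched top to bottom
# and the first matching policy is applied.
/ip ipsec policy

# 1. Bypass rule: traffic that stays inside 10.1.202.0/24, including pings
#    from 10.1.202.2 to the gateway 10.1.202.1, is not handed to IPsec.
add src-address=10.1.202.0/24 dst-address=10.1.202.0/24 action=none

# 2. Catch-all rule from the question: everything else sourced from the LAN
#    is encrypted and tunnelled to the remote peer.
add src-address=10.1.202.0/24 src-port=any dst-address=0.0.0.0/0 dst-port=any \
    sa-src-address=192.168.90.1 sa-dst-address=192.168.80.1 \
    tunnel=yes action=encrypt proposal=default

# Confirm that the bypass rule is listed above the encrypt rule.
print
```

If the encrypt policy already exists, the bypass rule still has to end up above it in the list. Create or reorder the policies from a console or interface that is not reached through 10.1.202.0/24, since access from that subnet drops as soon as the catch-all policy is the only match.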