Dear All
I have a little problem.
I have Internet from 2 ISPs.
On ether1 I have got the 1.1.1.1 IP address.
On ether2 I have got the 2.2.2.1-2.2.2.6 IP addresses.
I try to compile an IPSec tunnel from the 2.2.2.1 IP address, but in the log I still see the router trying to connect using 1.1.1.1.
In Policies I use 2.2.2.1; in Remote Peer I've got 1.1.1.1.
What is the problem? What should I do?
thx
Igor
mrz
May 12, 2016, 10:39am
Set local address in ipsec peer config.
Also you need to make sure the connection leaves via the correct gateway using policy routing.
This one is done. I added my IP address and I start the connection with the correct address.
But now I have got a problem with negotiation. I can't establish the connection. I have a failure in phase 1 due to time up.
This is the table with the IKE session
and my config:
/ip ipsec proposal print
0 name="vpn" auth-algorithms=sha256
enc-algorithms=aes-128-cbc lifetime=1h pfs-group=modp1536
/ip ipsec peer print
0 ;;; vpn
address=3.3.3.3/32 local-address=2.2.2.1 passive=no port=500
auth-method=pre-shared-key
secret="test"
generate-policy=no policy-template-group=default exchange-mode=main
send-initial-contact=yes nat-traversal=yes proposal-check=obey
hash-algorithm=sha256 enc-algorithm=aes-128 dh-group=modp1536 lifetime=8h
lifebytes=0 dpd-interval=20s dpd-maximum-failures=5
/ip ipsec policy print
1 ;;; vpn
src-address=172.28.92.0/24 src-port=any dst-address=172.19.0.0/16 dst-port=any
protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=2.2.2.1 sa-dst-address=3.3.3.3
proposal=vpn.agora.pl priority=0
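
A cross-check of the three print outputs discussed in this thread, as an added example that is not part of any post: it confirms that each policy's sa-src-address and sa-dst-address match a peer's local-address and address, and that the policy's proposal names a defined proposal. The function names and the parser are assumptions for illustration, and the parser handles only the key=value print layout shown above.

```python
import re
import shlex

# Constructed input: the thread's print output with straight quotes, trimmed to
# the fields the checks read.
PROPOSALS = '''0 name="vpn" auth-algorithms=sha256
enc-algorithms=aes-128-cbc lifetime=1h pfs-group=modp1536'''
PEERS = '''0 ;;; vpn
address=3.3.3.3/32 local-address=2.2.2.1 passive=no port=500
exchange-mode=main nat-traversal=yes'''
POLICIES = '''1 ;;; vpn
src-address=172.28.92.0/24 dst-address=172.19.0.0/16 tunnel=yes
sa-src-address=2.2.2.1 sa-dst-address=3.3.3.3
proposal=vpn.agora.pl priority=0'''


def parse_print(text):
    """Turn key=value print output into one dict per numbered item."""
    items = []
    for line in text.strip().splitlines():
        start = re.match(r"\s*\d+\s+(?:[A-Z]+\s+)?", line)
        if start:                        # "0 ..." or "1 X ..." opens a new item
            items.append({})
            line = line[start.end():]
        if not items or line.lstrip().startswith(";;;"):
            continue                     # comment line, or text before any item
        for token in shlex.split(line):
            key, sep, value = token.partition("=")
            if sep:
                items[-1][key] = value
    return items


def check(proposals, peers, policies):
    """Return findings where a policy does not line up with a peer or proposal."""
    findings = []
    names = {p.get("name") for p in proposals}
    by_addr = {p["address"].split("/")[0]: p for p in peers if "address" in p}
    for pol in policies:
        dst, src = pol.get("sa-dst-address"), pol.get("sa-src-address")
        peer = by_addr.get(dst)
        if peer is None:
            findings.append(f"no peer with address {dst}")
        elif peer.get("local-address") != src:
            findings.append(f"peer local-address={peer.get('local-address')} "
                            f"but policy sa-src-address={src}")
        if pol.get("proposal") not in names:
            findings.append(f"policy proposal={pol.get('proposal')} is not defined")
    return findings
```

Calling `check(parse_print(PROPOSALS), parse_print(PEERS), parse_print(POLICIES))` returns the list of findings; an empty list means the three sections reference each other consistently.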