Hi,
I have two locations which were connected via IPsec for over 1 year.
Recently one of the locations needed extra bandwidth, so we got a second WAN connection. We implemented the policy as described in the docs:
[admin@PB-Router] ip firewall mangle> add src-address=192.168.0.0/24
... action=mark-routing new-routing-mark=net1 chain=prerouting
[admin@PB-Router] ip firewall mangle> add src-address=192.168.1.0/24
... action=mark-routing new-routing-mark=net2 chain=prerouting
[admin@PB-Router] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting src-address=192.168.0.0/24 action=mark-routing
new-routing-mark=net1
1 chain=prerouting src-address=192.168.1.0/24 action=mark-routing
new-routing-mark=net2
[admin@PB-Router] ip firewall mangle>
[admin@PB-Router] ip route> add gateway=10.0.0.2 routing-mark=net1
... check-gateway=ping
[admin@PB-Router] ip route> add gateway=10.0.0.3 routing-mark=net2
... check-gateway=ping
[admin@PB-Router] ip route> add gateway=10.0.0.1
Now my VPN does not work. When I look at Torch, the traffic does come to the router which has the two WAN connections, but it does not reach the IPsec policy:
0 src-address=10.1.15.0/24:any dst-address=10.1.9.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=71.xx.xx.xx sa-dst-address=216.xx.xx.xx
proposal=default manual-sa=none dont-fragment=clear
What can I do to separate the traffic for IPsec from policy routing?
What do I have to do to make policy routing and IPsec work at the same time?