Hi, I need to interconect to one of my provider with a vpn IPSec, but this provider have 2 address in his encription domain, one to receive our message and one to send messages. his servers IP are xxx.xxx.xxx.106 and xxx.xxx.xxx.110, we suggest to use xxx.xxx.xxx.104/29 as his domain but is not aceptable for his networking área. My CCR108 has only one position for the encription domain in policy (address or net).
Any suggestión about this configuratión?
Your help will be very appreciated.
atte
Victor
You can create two policies with one ip address each one. Something like this:
/ip ipsec policy
add dst-address=xxx.xxx.xxx.110/32 proposal=my_proposal sa-dst-address=y.y.y.y sa-src-address=x.x.x.x src-address=you_lan_network tunnel=yes
/ip ipsec policy
add dst-address=xxx.xxx.xxx.106/32 proposal=my_proposal sa-dst-address=y.y.y.y sa-src-address=x.x.x.x src-address=you_lan_network tunnel=yes
But I have a lot of problems with it when I setup IPSec site-to-site VPN with mikrotik and cisco ASA. But you can try.