IPsec - Policy with overlapping subnets

Hi all,

I'm a little bit stuck with the configuration of my VPN connection. We are migrating from a Cisco ASA to a MikroTik RB2011.

Locally I run a 192.168.85.64/26 subnet; on the remote site they have 192.168.0.0/16. When enabling this policy I lose connectivity to my RB on its IP 192.168.85.65/26.

src-address=192.168.85.64/26 src-port=any dst-address=192.168.0.0/16 
       dst-port=any protocol=all action=encrypt level=require 
       ipsec-protocols=esp tunnel=yes sa-src-address=xxx.xxx.223.144 
       sa-dst-address=yyy.yyy.108.4 proposal=default priority=0

Any suggestion to solve this? Changing the subnets is not an option because we are migrating the firewall, and changing subnets has a much bigger impact.

See also: http://forum.mikrotik.com/t/ipsec-policy-overlapping/103852/1

Add an exclusion policy (for dst-address=192.168.85.65/26 with higher priority and action=none).
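As an added example (not from the thread and not MikroTik code), a small Python model of the policy lookup described above: the original encrypt policy alone also captures LAN traffic to the router's own address, because 192.168.85.65 falls inside 192.168.0.0/16, and a higher-priority action=none policy for the local subnet (the reply's 192.168.85.65/26, which normalises to 192.168.85.64/26) takes that traffic out of the tunnel again. It assumes "larger priority number wins, first match" ordering; the host addresses used as sample traffic are constructed.

```python
"""Simplified model of an IPsec policy table with overlapping subnets."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str        # "encrypt" or "none"
    priority: int = 0  # assumption: larger number is matched first

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        # strict=False lets a host/prefix like 192.168.85.65/26 stand for its network
        return (ip_address(src_ip) in ip_network(self.src, strict=False)
                and ip_address(dst_ip) in ip_network(self.dst, strict=False))


def lookup(policies, src_ip: str, dst_ip: str) -> str:
    """Action of the highest-priority matching policy ('none' if nothing matches)."""
    for p in sorted(policies, key=lambda p: p.priority, reverse=True):
        if p.matches(src_ip, dst_ip):
            return p.action
    return "none"


def overlapping_encrypt_policies(policies, local_subnet: str):
    """Pre-deployment check: encrypt policies whose dst range covers the router's own LAN."""
    lan = ip_network(local_subnet, strict=False)
    return [p for p in policies
            if p.action == "encrypt" and ip_network(p.dst, strict=False).overlaps(lan)]


# The policy from the question and the exclusion from the reply
ORIGINAL = Policy("192.168.85.64/26", "192.168.0.0/16", "encrypt", priority=0)
EXCLUSION = Policy("192.168.85.64/26", "192.168.85.65/26", "none", priority=1)

# Constructed sample hosts: a LAN client, the router's LAN address, a remote host
LAN_HOST, ROUTER, REMOTE = "192.168.85.70", "192.168.85.65", "192.168.0.10"

if __name__ == "__main__":
    print("without exclusion, LAN->router:", lookup([ORIGINAL], LAN_HOST, ROUTER))
    print("with exclusion,    LAN->router:", lookup([ORIGINAL, EXCLUSION], LAN_HOST, ROUTER))
    print("with exclusion,    LAN->remote:", lookup([ORIGINAL, EXCLUSION], LAN_HOST, REMOTE))
    print("policies overlapping the LAN:", overlapping_encrypt_policies([ORIGINAL], "192.168.85.64/26"))
```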

Thanks! Problem solved.

I also have to work on my search capabilities, I didn't find it… :-s Excuse me for this duplicate post!