IPSEC routing all traffic for one single computer

I have 2 networks connected with each other via IPsec. All the relevant traffic is routed between both locations over IPsec. All other traffic goes directly out into the internet. That works fine.

Network 1: 10.1.0.0/16
Network 2: 10.2.0.0/16

Now I need one single computer on network 2 (e.g. 10.2.1.200) to route all its traffic to network 1.

I added a new IPsec policy saying src is 10.2.1.200/32 and target is 0.0.0.0/0, to be routed to network 1, but this has no effect at all. Internet traffic is still sent out directly from network 2 into the internet.

Does somebody have experience with such a problem and can share their solution with me?

Thanks

It's a problem with IPsec tunnels: because the tunnel is not an interface (it's the same WAN), it is difficult to route in and out of the tunnel.

You can solve it with NAT, but the clean solution is to make an IPIP tunnel over IPsec so that the tunnel becomes an interface, then replace the IPsec with IPIP over IPsec.

The latest versions of RouterOS make this very simple to implement, creating the IPsec peer and policy automatically when you create the IPIP tunnel.

I believe this should not be solved via a new IPsec policy. Use policy-based routing on the MikroTik instead: if the source is 10.2.1.200, then its route should be to 10.1.0.0/16 / its gateway should be 10.1.0.1(?).

Generally, this should work. Please post your configuration here, let's see what can be wrong there.
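As an added example (not posted by either of the repliers above), here is how the IPIP-over-IPsec tunnel from the first reply and the policy-based routing from the second reply can be combined on RouterOS so that only 10.2.1.200 sends its internet traffic through network 1. Everything not in the thread is an assumption: MikroTik routers at both sites, placeholder WAN addresses 198.51.100.1 (network 1) and 203.0.113.2 (network 2), a tunnel transit subnet 172.16.255.0/30, a WAN interface named ether1-wan, a shared secret ChangeMe, and RouterOS v6 syntax (v7 differences are noted in comments).

```routeros
# ----- Router at network 2 (10.2.0.0/16), WAN 203.0.113.2 (assumed) -----
# IPIP tunnel; ipsec-secret makes RouterOS create the IPsec peer and policy
# for the tunnel automatically, so the old site-to-site policy can be removed.
/interface ipip
add name=ipip-net1 local-address=203.0.113.2 remote-address=198.51.100.1 \
    ipsec-secret=ChangeMe

/ip address
add address=172.16.255.2/30 interface=ipip-net1

# Site-to-site traffic for everybody goes through the tunnel interface.
/ip route
add dst-address=10.1.0.0/16 gateway=172.16.255.1

# Policy-based routing: only packets from 10.2.1.200 that are not for the
# local site get a routing mark, and that mark's table defaults to the tunnel.
/ip firewall mangle
add chain=prerouting src-address=10.2.1.200 dst-address=!10.2.0.0/16 \
    action=mark-routing new-routing-mark=via-net1 passthrough=no

# v7: first "/routing table add name=via-net1 fib", then use
# routing-table=via-net1 instead of routing-mark=via-net1 on this route.
/ip route
add dst-address=0.0.0.0/0 gateway=172.16.255.1 routing-mark=via-net1 \
    check-gateway=ping

# ----- Router at network 1 (10.1.0.0/16), WAN 198.51.100.1 (assumed) -----
/interface ipip
add name=ipip-net2 local-address=198.51.100.1 remote-address=203.0.113.2 \
    ipsec-secret=ChangeMe

/ip address
add address=172.16.255.1/30 interface=ipip-net2

# Return route for the whole remote site, including 10.2.1.200.
/ip route
add dst-address=10.2.0.0/16 gateway=172.16.255.2

# The existing masquerade rule is assumed to match src-address=10.1.0.0/16
# only, so the remote host's internet traffic needs its own srcnat rule.
/ip firewall nat
add chain=srcnat src-address=10.2.1.200 out-interface=ether1-wan \
    action=masquerade
```

Because the marked traffic leaves via ipip-net1 rather than the WAN interface, the usual masquerade rule on the network 2 router (matching out-interface on the WAN) no longer rewrites it, which is exactly what was defeating the plain IPsec policy approach. IPIP inside ESP lowers the usable MTU; if large transfers through the tunnel stall, add a mangle rule with action=change-mss new-mss=clamp-to-pmtu for TCP SYN packets crossing the tunnel interface.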