I have an RB3011 with several IPSec VPNs configured to multiple external locations.
All of the ones with a single remote subnet work just fine, but the one VPN that has multiple remote subnets will only connect the first SA, and the rest all say “no phase2” under policies in Winbox. I’ve verified the settings and made sure the remote peer matches the subnets exactly. Obviously, the result of this is that only the first subnet functions… and if I change the order of the subnets, whichever one is on top works and the one that was previously working moves back to “no phase2”.
This is a maddening problem. I’ve tried all sorts of options… IKEv1 or v2, various encryption parameters, etc. I know the parameters match the remote side or the first SA wouldn’t come up and no traffic would work at all.
Could this be a bug? Does anyone else have multiple SAs to a single peer functioning in 7.12.1?