Hi!
I need to add more than one subnet to the IPSec policy.
I’ve tried something like this
src-address=192.168.50.0/24 src-port=any dst-address=10.6.6.0/24
dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp
tunnel=yes sa-src-address=my_wan_ip sa-dst-address=remote_ip
proposal=proposal2 priority=0
src-address=192.168.60.0/24 src-port=any dst-address=10.6.6.0/24
dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp
tunnel=yes sa-src-address=my_wan_ip sa-dst-address=remote_ip
proposal=proposal2 priority=0
But only one works (the first one). From the second subnet I have no access to the remote network. In the logs (with ipsec debug) I didn't find any errors.
Could you please help with it?
Thanks.
It is much easier to create a GRE tunnel interface, protect it with IPSec and do all the routing via it instead of creating those complicated IPSec policies.
By the way, are plain IPSec tunnel interfaces on the feature request list?
If you can, please provide some details about the GRE interface (link, doc, etc.). Can I use it without any changes on the remote side?
Thanks.
Thanks. But it's not my case.