[IPSEC] to Azure with many subnets

I have a MikroTik to Azure IPsec tunnel

and a list of networks behind Azure (10.17.0.0/24, 10.17.1.0/24, 10.17.2.0/24, 192.168.251.0/24, 192.168.241.0/24).
When I set up the tunnel I created a policy for each subnet.

But the tunnel stops working from time to time.

I notice that I'm receiving the selectors all in one.
May that be a problem?

That is a common problem with IPsec between different manufacturers + having multiple selectors.

And don't expect Microsoft to fix it. The "modern way" is to use a route-based VPN (IPsec VTI), but unfortunately MikroTik has been moving that forward for about 10 years already.

Advice is to ask MikroTik to implement IPsec VTI in a feature request ticket. At some time they should go ahead and implement it…

Thanks.
So may it be the cause of the tunnel going down from time to time?
If they send them one by one, will it solve the stability?

From time to time I also notice this message (but everything is established):

[image]

I think the problem is in the way that multiple policies are sent between IPsec endpoints.

In VTI that does not happen, everything is handled by a single wildcard profile and you only need to set routes to the networks you want to carry over the VPN.
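To make the two layouts discussed in this thread concrete, here is an added example (not from the thread and not MikroTik or Azure code) that models, in a simplified way, what happens when a peer proposes all remote prefixes in one selector set while the local side holds one policy per subnet, following the responder narrowing rule of RFC 7296 section 2.9. It also shows how many prefixes the list collapses to and what the route-based layout looks like: one wildcard selector plus routes. The five Azure prefixes are the ones posted above; the local LAN `192.168.88.0/24` and the `ipsec-tunnel` route label are assumptions, and prefixes stand in for the address ranges IKEv2 actually carries.

```python
from ipaddress import ip_network, collapse_addresses

# Constructed from the thread: the five prefixes behind Azure, and one
# per-subnet policy on the MikroTik side, as the asker described.
AZURE_NETS = ["10.17.0.0/24", "10.17.1.0/24", "10.17.2.0/24",
              "192.168.251.0/24", "192.168.241.0/24"]
LOCAL_NET = "192.168.88.0/24"  # assumed on-premises LAN; not stated in the thread


def summarize(prefixes):
    """Collapse adjacent prefixes into the fewest covering prefixes.

    Fewer distinct selectors means fewer policies (and CHILD_SAs) that have to
    stay in sync, so this is the first thing to check when multiple selectors
    give a peer trouble.
    """
    return [str(n) for n in collapse_addresses(ip_network(p) for p in prefixes)]


def per_subnet_policies(local, remotes):
    """Policy-based layout: one (src, dst) selector pair per remote prefix."""
    return [(local, r) for r in remotes]


def narrow(proposed, policy_dst):
    """Simplified RFC 7296 section 2.9 narrowing for one local policy.

    The responder keeps only the part of the peer's proposed selector set that
    fits its own policy: proposed prefixes inside the policy, or the policy
    itself when a proposed prefix is wider than it.
    """
    d = ip_network(policy_dst)
    kept = []
    for p in (ip_network(x) for x in proposed):
        if p.subnet_of(d):
            kept.append(str(p))
        elif d.subnet_of(p):
            kept.append(str(d))
    return kept


def negotiate(proposed_dsts, policies):
    """Run every local policy against one 'all-in-one' proposal from the peer.

    Returns {policy_dst: narrowed selectors}. An empty list marks a policy the
    peer never offered traffic for; each non-empty entry is a separate CHILD_SA
    that has to be established and rekeyed on its own.
    """
    return {dst: narrow(proposed_dsts, dst) for _, dst in policies}


def route_based(local, remotes):
    """Route-based layout as described in the answer above: a single wildcard
    selector, with the per-destination decision moved into the routing table.
    The 'ipsec-tunnel' gateway label is a placeholder."""
    return {"selector": ("0.0.0.0/0", "0.0.0.0/0"),
            "routes": [(r, "ipsec-tunnel") for r in remotes]}


if __name__ == "__main__":
    print("summarized remotes:", summarize(AZURE_NETS))
    pols = per_subnet_policies(LOCAL_NET, AZURE_NETS)
    result = negotiate(AZURE_NETS, pols)
    for dst, sel in result.items():
        print(f"policy dst={dst:18} -> {sel or 'NO MATCH'}")
    print("child SAs needed (policy-based):",
          sum(1 for s in result.values() if s))
    print("one wildcard policy covers:", narrow(AZURE_NETS, "0.0.0.0/0"))
    print("route-based:", route_based(LOCAL_NET, AZURE_NETS))
```

Running it shows the posted list collapsing to four prefixes (10.17.0.0/24 and 10.17.1.0/24 merge into 10.17.0.0/23), five separate CHILD_SAs for the per-subnet layout, and a single wildcard policy that already covers all five prefixes, which is the point made about VTI above.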