Hi,
Between my MainSite and RemoteSite I have configured a backup GRE link. IPSEC in transport mode is applied on this link, so src-address is the MainSite IP, dst-address is the RemoteSite IP (and vice versa), and protocol=all.
Because of this “protocol=all” setting I have a problem accessing the remote site through this link when IPSEC is down: even when the WAN link on the remote site is OK but IPSEC is down, I can’t access the remote site from MainSite. Connections from any external IP other than MainSite work without problem.
I don’t have any idea how to reconfigure this transport IPSEC link on the remote site so that it is accessible no matter whether IPSEC is UP or DOWN.
If you want only GRE over IPsec, then specify protocol=gre in the IPsec policy config.
Heh, looks better now. Even if I force IPSEC down between the sites, with protocol=gre I can access the remote from the main site,
but there is a little problem: pings from MainSite to Remote are not working, so I can’t check whether the WAN on the remote is UP. Is there any remedy for that?
Probably ICMP is dropped in firewall input chain.
Unfortunately your suggestion didn’t help.
I reconfigured the IPSEC that is applied on the GRE interface between the two sites to have protocol=47, but when IPSEC is down on the remote site, so that next to the GRE interface there isn’t an “R” statement and so GRE is down, then I can’t connect from the main site to the remote site. I can’t connect to it even from any other external IP.
So my problem is: if the GRE interface with its external WAN IP configured isn’t UP, then I can’t connect to this MikroTik WAN IP address (the MikroTik has a multi-WAN setup).