Dear All!
Could you help me to setup the next IPSec VPN tunnel correctly without NAT:
10.1.1.0/24 (my network) => 10.1.1.1 Mikrotik a.b.c.d <=> e.f.g.h partner router => 10.0.0.0/8
As you may see, my network is part of the partner's network. When I create the IPsec policy and start the traffic, all is OK, it works, but the addresses from 10.1.1.0/24 become unavailable if the traffic for this network goes through the Mikrotik. In particular, the router itself is unavailable via 10.1.1.1 (I need to use another IP for its administration), it is impossible to use personal L2TP VPNs - the connection is OK but there is no traffic to 10.1.1.1 at all, etc. Disabling the policy solves all these problems immediately.
For me this means that all traffic for 10.1.1.0/24 is sent into this tunnel instead of the local network. I tried to add an IPsec policy for the 10.1.1.0/24 network with action=none and the highest priority, but without success.
IPsec policies that I created:
/ip ipsec policy:
add dst-address=10.0.0.0/8 level=unique proposal=aes128_192_256-sha1-group2 sa-dst-address=e.f.g.h sa-src-address=a.b.c.d src-address=10.1.1.0/24 tunnel=yes
add action=none dst-address=10.1.1.0/24 level=unique priority=100 src-address=10.1.1.0/24