Hello guys,
Below is an export of my IPsec configuration. On my site (site A) there is a hEX with RouterOS 6.44.3; on the other site (site B) there is a Cisco ASA. One host on my site A is defined in two policies with a /32 address; on site B there are two different hosts defined with /32 addresses. The problem is that traffic works only through one policy. Both policies have status PH2 established, but the outgoing SA counter on one policy does not increment. There are no errors in the log.
E.g.: traffic through policy1 works OK, but traffic through policy2 does not. If I disable and enable policy2, then traffic starts working through policy2, but traffic through policy1 stops working.
Any idea what could be wrong?
# Phase 1 (IKE) profile used by the peer
/ip ipsec profile
add dh-group=modp1536 dpd-interval=16s dpd-maximum-failures=1 enc-algorithm=aes-256 lifebytes=46080000 lifetime=1h name=profile-faza1-posta nat-traversal=no
# Remote peer (site B, Cisco ASA) and the local address the tunnel is sourced from
/ip ipsec peer
add address=1.1.1.1 local-address=2.2.2.2 name=peer1 profile=profile-faza1-posta send-initial-contact=no
# Pre-shared key for peer1
/ip ipsec identity
add peer=peer1 secret=bbbbbbbbbbbb
# Phase 2 proposals; one per policy, identical apart from the name
/ip ipsec proposal
add enc-algorithms=aes-256-cbc lifetime=1h name=proposal1-posta pfs-group=modp1536
add enc-algorithms=aes-256-cbc lifetime=1h name=proposal3-posta2 pfs-group=modp1536
# Two tunnel-mode policies: same local host (x.x.x.x/32) and same peer, different remote host and proposal
/ip ipsec policy
add dst-address=y.y.y.y/32 proposal=proposal3-posta2 sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=x.x.x.x/32 tunnel=yes
add dst-address=z.z.z.z/32 proposal=proposal1-posta sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=x.x.x.x/32 tunnel=yes
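The pattern in the export above (two tunnel-mode policies toward the same peer that share the same local /32 selector but point at different remote hosts and different proposals) is the first thing to line up against the ASA's crypto map ACL entries, which should match the RouterOS selectors one to one. The script below is an added example, not code from the post or from MikroTik: it parses a RouterOS `/ip ipsec` export and reports groups of policies that share the same peer and local selector, noting whether their remote selectors overlap and whether they reference different proposals. The sample export is the one from the post with the x/y/z placeholders replaced by RFC 5737 documentation addresses so it parses; treating such a group as "worth cross-checking on the remote side" is a heuristic, not a diagnosis.

```python
"""Group RouterOS IPsec policies that share a peer and a local selector.

Added example (not from the forum post). The sample export is the post's
configuration with placeholder hosts replaced by RFC 5737 addresses.
"""
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample: the post's export, x.x.x.x/y.y.y.y/z.z.z.z made parseable.
SAMPLE_EXPORT = """\
/ip ipsec profile
add dh-group=modp1536 dpd-interval=16s dpd-maximum-failures=1 enc-algorithm=aes-256 lifebytes=46080000 lifetime=1h name=profile-faza1-posta nat-traversal=no
/ip ipsec peer
add address=1.1.1.1 local-address=2.2.2.2 name=peer1 profile=profile-faza1-posta send-initial-contact=no
/ip ipsec identity
add peer=peer1 secret=bbbbbbbbbbbb
/ip ipsec proposal
add enc-algorithms=aes-256-cbc lifetime=1h name=proposal1-posta pfs-group=modp1536
add enc-algorithms=aes-256-cbc lifetime=1h name=proposal3-posta2 pfs-group=modp1536
/ip ipsec policy
add dst-address=198.51.100.10/32 proposal=proposal3-posta2 sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=192.0.2.10/32 tunnel=yes
add dst-address=198.51.100.20/32 proposal=proposal1-posta sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=192.0.2.10/32 tunnel=yes
"""


def parse_export(text):
    """Return {section_path: [ {key: value, ...}, ... ]} for every 'add' line."""
    sections = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # e.g. "/ip ipsec policy"
            section = line
            continue
        parts = shlex.split(line)         # handles quoted values in exports
        if section is None or parts[0] != "add":
            continue
        entry = {}
        for tok in parts[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                entry[key] = value
        sections[section].append(entry)
    return dict(sections)


def policy_groups(policies):
    """Group policies by (sa-src-address, sa-dst-address, src-address)."""
    groups = defaultdict(list)
    for pol in policies:
        key = (pol.get("sa-src-address"), pol.get("sa-dst-address"),
               pol.get("src-address"))
        groups[key].append(pol)
    return dict(groups)


def review_policies(text):
    """Return findings for every group of 2+ policies sharing peer + local selector."""
    policies = parse_export(text).get("/ip ipsec policy", [])
    findings = []
    for (sa_src, sa_dst, local), members in policy_groups(policies).items():
        if len(members) < 2:
            continue
        remotes = [ipaddress.ip_network(m["dst-address"]) for m in members]
        overlap = any(a.overlaps(b)
                      for i, a in enumerate(remotes) for b in remotes[i + 1:])
        proposals = sorted({m.get("proposal", "default") for m in members})
        findings.append({
            "peer": f"{sa_src}->{sa_dst}",
            "local": local,
            "remote": [str(r) for r in remotes],
            "remote_overlap": overlap,          # overlapping remotes = real conflict
            "proposals": proposals,
            "distinct_proposals": len(proposals) > 1,
        })
    return findings


if __name__ == "__main__":
    for finding in review_policies(SAMPLE_EXPORT):
        print(f"peer {finding['peer']}: local {finding['local']} appears in "
              f"{len(finding['remote'])} policies -> remotes {finding['remote']}, "
              f"overlap={finding['remote_overlap']}, proposals={finding['proposals']}")
```

Run it against `/ip ipsec export` output from the hEX; every group it prints is one local selector that the peer has to keep apart by remote selector, so each of those remote hosts should appear as its own entry in the ASA's crypto ACL for this peer. A group whose remote selectors overlap would be a genuine selector conflict on the RouterOS side; in the post's configuration they do not overlap.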